Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Fake Dropbox Email Leads to Malware Infection

  • 0
admin
Monday, 21 October 2013 / Published in Woo on Tech
Dropbox Logo

Malicious agents continue to use increasingly sophisticated email templates to fool victims into installing malware on their computers. Most recently, people have been falling prey to an email that appears to be from Dropbox.com, a very widely used cloud storage website. The email uses Dropbox artwork and is kept short and to the point: it warns the user that they need to change their password and provides a link (which, of course, leads to a hijacked website). Adding to this email’s apparent credibility is the fact that Dropbox has engaged in this very same practice to legitimately warn users about password changes. Couple this with the fact that it’s highly likely you have a Dropbox account, and the hook is set before you know it.

What this means for you:

Whenever you receive a warning like this, the safest method to take action is to manually type the URL of the service in question in your browser and never click links in the email, unless you are confident they don’t lead to a hijacked website. Most email clients, including web-based ones like Gmail and Yahoo Mail, allow you to roll over the links in any email and see the actual linked destination (it may take a second or two, be patient while hovering), as it’s trivial to fake the visible destination while sending you down a dark road to infection. For more tips on spotting fake emails like this one, read my previous post, “Fake Emails are Getting Harder to Spot“.

dropboxfake emailshackersmaliciousmalwarephishingsecurityspam

Yahoo Angers Ymail Users with Redesign…Again

  • 0
admin
Wednesday, 16 October 2013 / Published in Woo on Tech
Yahoo Logo

Only seven months after a major redesign that many considered a huge flop, Yahoo has unveiled major changes to its Ymail service, and it has its users up in arms again. The new features like conversation threads, themed background images and a massive terabyte of storage are clearly following in Gmail’s footsteps, changes that weren’t unexpected, given that Yahoo’s CEO, Marissa Meyer was one of the core designers of Gmail when she was at Google.

What this means for you:

Yahoo Mail is the second largest webmail service in the world, and very close on the heels of Gmail. Feature changes like the ones above are attempting to build on Google’s successes, but as many customers have noted in the large volume of complaints, the main reason they use Yahoo Mail is because it is not Gmail. The biggest change seems to be the removal of the Mail Tabs feature, something that nearly 40K users have voted to have Yahoo reinstate. Users are also complaining about numerous bugs that appear to have never been quashed from the last time Yahoo messed with its email service. Seemingly heedless to the outpouring of complaints, Yahoo has issued press statements reiterating the need for the company to progress the development of its services into a “…more modern and personalized Yahoo!” Perhaps that development means some loyal fans will be left behind.

complaintsemailfeedbackgmailGooglemail tabsredesignyahooymail

Google’s New Advertising Shill: You!

  • 0
admin
Tuesday, 15 October 2013 / Published in Woo on Tech
Google Logo

MetaFilter user Andrew Lewis coined a phrase that has become the rallying cry for internet privacy watchdogs over the past 3 years, “If you are not paying for it, you’re not the customer; you’re the product being sold.” He was speaking of Digg’s redesign in 2010 in which the emphasis of the site shifted away from user-centric content curation and towards a model that was clearly intended to monetize Digg’s large userbase. Since then, the phrase has been applied to many services, including the 800-lb gorilla of free internet services, Facebook, and dozens of other social media sites that use advertising money to fund their “free” services. Savvy users will note that Google has been leveraging this model on a less obvious (but no less profitable) basis ever since Google search arrived and Gmail extended its tendrils into millions of users’ daily online existence.

The subtlety was cast aside boldly last week when Google announced a change to its privacy policy that granted itself the right to utilize its users’ likeness and content authored on any one of its many properties to advertise to other users. This includes content and reviews written by users on G+, YouTube, Zagat, and the Google Play store. The new policy is the default, and users must opt out if they prefer to not participate in this endorsement model. Clearly, Google is hoping to entice advertisers with the very real impact of recommendations made to users by people they know. But many are angered by this change, and the internet outrage is spreading.

What this means for you:

If you have a Google account, then you are automatically opted in to this advertising model. To opt out, you must go to your Account settings under the Google+ section, and look for the “Shared Endorsements” link to disable your participation in the program. If you actually go do this, you’ll note that Google has written quite the argument as to why you might want to stay opted-in: “Your friends might not be able to benefit from your wisdom.” Depending on your level of participation in online reviewing/commenting/rating, participating in this program may be no big deal, or a very big deal. Either way, you should consider the implications for your online brand, whether current or planned, and the impact on your privacy, especially if your face and words could start appearing on thousands of monitors around the world.

advertisingcommentsendorsementg+Googleprivacyratingsreviewsyoutubezagat

Rent vs. Buy Debate Comes to Software

  • 0
admin
Wednesday, 09 October 2013 / Published in Woo on Tech
Rent or Buy?

Adobe dared what other software companies have only dabbled in doing: converting their entire, hugely popular software library into a rental-only commodity. Why do software companies aspire to this model? As you might suspect, users of expensive software packages like Adobe’s Creative Suite or Microsoft’s Office products are able to enjoy multiple years of use from the software before reluctantly upgrading, a consumer trend that bodes ill for any software manufacturer bottom line. The solution: make your highly desirable products only available for rent, or in software parlance: “subscription-based”, guaranteeing you a regular income that will make shareholders dance with glee. While this move has angered a large number of Adobe users, the software company was able to pull the plug on ownership because of the virtual stranglehold it has on this particular category of software, especially its flagship products Photoshop, Illustrator and Lightroom, for which there is virtually no competition its users are willing to consider.

What this means for you:

Adobe’s success (or failure) will determine how other companies proceed. Microsoft already has an extensive subscription-based offering of its productivity suite, which can be rented for what most in the business world consider to be a fair price, especially seeing as how critical Office is in daily business, but “rentals” are only a fraction of its overall sales, which still come through more traditional licensing channels. Annual licensing and maintenance has long been an accepted and expected revenue generator on the enterprise side, a means to bolster profits from an ownership model that came from lengthy software development cycles that are growing shorter and shorter every year. Adobe’s justification behind the subscription model maintains that subscribers will be able to enjoy continuous improvement to and expansion of their products. The question remains, however, whether business is ready for applications and platforms that continually change. While new features and improvements are always welcome, the constant change also present bugs, security holes and training challenges that are definitely not covered by the subscription. Where before companies could control the rate at which their critical business software was changed, now they may have to join a race in which the finish line is constantly moved away from the partipants.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

adobebuycreative suiteenterpriselicensingmicrosoftofficerentsoftwaresubscription

Remote Workforce on the Rise

  • 0
admin
Tuesday, 08 October 2013 / Published in Woo on Tech
Remote Knowledge Workers

Many of you already know this because you, or your company has partially, or even fully embraced this concept: technology continues to expand the way businesses can take advantage of remote workforces and telecommuting. According to BusinessInsider.com, the number of people working remotely or telecommuting in the US has grown by nearly 80% from 2005 through 2012. However, the actual number of people working in this fashion (3.3m, not including the self-employed) still only comprises less than 3% of the total American workforce.

Despite the gains telecommuting has been making in the business world, many more companies still cling to the more traditional office-bound cultures, even such as Yahoo, where former Googler and now CEO Marrisa Meyer infamously rescinded Yahoo’s extensive telecommuting labor policy, citing the need for more teamwork and collaboration. This is perhaps the most popular justification for eschewing a dispersed workforce, but many successful small business, both startups as well as established business are taking advantage of the decreased overhead and a happier, more productive workforce, and the internet is making collaborating over distance easier every day.

What this means for you:

As a small business owner, or someone who is looking to shake up the culture of a more traditional work environment, the arguments for decreasing real estate expenses, infrastructure costs and administrative overhead will come fairly easily. However, be prepared to answer how you will maintain or even improve collaboration and teamwork, especially now if your staff can no longer pile (physically) into a single conference room with a few minutes notice. Security, standards compliance, quality control and performance management will also require new processes and new ways of thinking, and as we all know, change never comes easy, especially when someone’s paycheck or dividend is on the line.

All of the preceding challenges can be met with current technology that is affordable and often easy to use, but if you buy a bunch of laptops and webcams and ditch the cubicle farm without preparing both your people and your business, you may be in for a rude surprise. As is always the case, plan carefully how you implement technology: the easiest step is purchasing shiny new toys. The hard part is implementing them properly and securely, and making sure they are properly aligned with your business.

Image courtesy of jannoon028 / FreeDigitalPhotos.net

compliancemarissa meyerremote workersecuritysmall businesstelecommutingyahoo

Hackers Exploiting Unpatched Zero-Day Flaw in IE

  • 0
admin
Wednesday, 02 October 2013 / Published in Woo on Tech
Internet Explorer Targeted

As predicted, the zero-day flaw in multiple versions of Microsoft’s web browser, Internet Explorer, is now being actively exploited by multiple APT (Advanced Persistent Threat) groups in attacks that are targeting large numbers of people. The most publicized and successful of these attacks have been focused on government websites. Their primary purpose: to install rootkits on government worker machines to facilitate access to confidential government documents. On top of the growing number of attacks leveraging this weakness, the Metasploit framework (an open source hacking tool used by security researchers and white-hat hackers) just released a module to the public that demonstrates how this security flaw can be used to hack IE, theoretically making it even easier for malicious agents to understand and develop their own exploits. Microsoft has yet to say when a patch will be released to fix this weakness, which affects just about every version of IE from 6 through 10. 

What this means for you:

If you are using Internet Explorer, whether by corporate mandate or by choice, make sure you’ve applied Microsoft’s temporary fix, or ask your IT guy if they’ve distributed the fix throughout the company. If you work for the government, either as an employee or contractor, be extra wary of strange behavior on your computer, and ensure that your antimalware software is fully functional and up to date.

If you are using some other browser, you don’t have to worry about this particular exploit, but as always, remain ever vigilant and make sure your OS, software and antimalware are fully patched!

advanced persistent threatbrowserespionageexploithackinternet explorermicrosoftrootkitsecurityzero day

Lockscreen Siri Access Exposes iOS7 Security Flaw

  • 0
admin
Tuesday, 01 October 2013 / Published in Woo on Tech
Siri

You thought you’d done a good thing: you finally listened to all the warnings and locked your iPhone with a passcode or, if you are one of the lucky few with a shiny new 5s, the new fingerprint lock. Sadly, one of Apple’s other famed technologies may betray you in the end. An Isreali security analyst has uncovered a significant flaw in iOS7 security when access to Siri on your iPhone’s lockscreen is enabled. The problem is part convenience and part bug: using Siri while your phone is locked allows you to make calls without having to punch in a passcode, something that is indispensible while driving, or when your hands are otherwise occupied. Unfortunately, using Siri in this manner leaves a back door open in the form of unfettered access to the phone app, while your phone is still locked. Oh, and did you remember that Siri responds to anyone’s voice, not just the owners? 

What this means for you:

“How bad could this be?” I hear you asking. While in the phone app, the user can access the phone’s voicemail, send text messages, view the calendar and look through all the contacts in your phone. If you don’t consider that private, you are part of a very small minority on this planet. The fix is simple: disable access to Siri from the lockscreen. The recommendation: do it now if you care about your phone’s security. It’s likely Apple will fix this flaw, but will they do it in time to protect your confidential data?

Applebugconfidentialexploitflawhackios7securitysiri

Cross-platform Chat App May Be Dodgy

  • 0
admin
Wednesday, 25 September 2013 / Published in Woo on Tech
ID-10021674.jpg

A new app has appeared on Google’s Play store that purportedly offers Android users the ability to chat with iOS users via Apple’s iMessage platform, and it has security eyebrows raised, primarily because it wasn’t released by Apple. Cydia (app store for jailbroken iPhones) developer Jay Freeman delved into the code of “iMessage for Android” and discovered another alarming fact: the app appears to be authenticating not through Apple’s servers, but through some unknown platform in China, even though it requires a legitimate Apple ID to work. Another developer also noted that this app has the ability to silently download code to your Android smartphone, a permission that could lead to a malware infection. The app is very new and these security peculiarities have yet to be widely verified, but it has already been downloaded from the Play store over 10,000 times.

What this means for you:

Firstly, your Apple ID (which may have money and many, many apps, songs, movies, etc. tied to it) is being passed through an unknown server in China. There is no guarantee that the owners of that server aren’t collecting these IDs for nefarious purposes. Add this to the fact that the app can download code without notifying you, and the scales are now dipping alarmingly towards “dangerous” if not outright “malicious”. Also at stake is the trustworthiness of Google’s Play Store app vetting process – how could this app have possibly made it through without raising some red flags. Sure, there is no love lost between Apple and Google, but Google is usually smart enough to not poison its userbase with a dodgy app just so Android users can text chat with iOS users. It remains to be seen whether this app is truly on the up and up, but all signs indicate otherwise at this point. I’d err on the side of caution and avoid installing this app for now. If you really need to talk to that iPhone user, just send them a text!

Image courtesy of Idea go / FreeDigitalPhotos.net.

AndroidAppleapple idChinaGoogleimessageiPhonemalicioussecurity

German Hackers Bypass iPhone Fingerprint Protection

  • 0
admin
Tuesday, 24 September 2013 / Published in Woo on Tech
Touch ID Hacked?

When you are king of the mountain, everyone lines up to take a shot at you, and the iPhone is no exception. In this particular case, security analysts were taking bets on how long it would take for someone to defeat the brand-new iPhone 5s fingerprint scanner. They didn’t have to wait long, as it seems a German hacking group known as the Chaos Computer Club was first to publish a technique they claim will defeat Touch ID’s technology. Though the claim has yet to be independently verified, it has the same trappings as the infamous “gummi bear hack” that poisoned public perception of biometric security measures over a decade ago. In a nutshell, the hack requires a high-resolution scan of the target’s fingerprint, which is then used to create a fake finger from a laser printer and a thin layer of latex.

What this means for you:

According to the Chaos Computer Club, their intent behind publishing the findings was to demonstrate to the public the weakness of fingerprint-based security, pointing out two very obvious weaknesses: (1) we can’t change our fingerprints if they happened to get compromised, and (2) we leave them everywhere we go. Whether or not CCC’s technique proves replicable, it is only a matter of time before other techniques are published, and their points still stand. Multi-factor authentication methods can surmount this particular problem, as can biometric patterns that aren’t so easily replicable (such as your cardiac signature), but the fact remains that the easiest method to gain access to your phone is for someone to gain access to one that isn’t protected at all, either by fingerprint, pin or password. Unless the only thing you use for smartphone for is games, you should always have some form of protection on your phone, and doubly so if you use it to conduct work.

Applefingerprinthackiphone 5sscannersecuritytouch id

Another Day, Another Zero-day IE Exploit in the Wild

  • 0
admin
Wednesday, 18 September 2013 / Published in Woo on Tech
IE Exploit

In case you were worried that Internet Explorer might be gaining ground as a secure web browser, security researchers have uncovered another zero-day vulnerability that is actively being exploited in version 8 and 9 of Internet Explorer. I’ll spare you the gory details but the gist of the hole is such that it can be exploited in a simple “drive-by” attack, and doesn’t even require interaction from the user. Sadly, this weakness seems to afflict all versions of Microsoft’s web browser, including the yet-to-be released version 11. Microsoft is aware of the issue, and is working to plug the hole, but could be weeks away from a formal fix.

What this means for you:

If you are using IE 8 (extremely likely if you are still using Windows XP), or IE 9 (also likely throughout much of the corporate world), there is a Microsoft Fixit that can be applied, and enterprise IT shops can address this centrally if they are running well-managed computer fleets. If you are leery of applying temporary patches and are not restricted to using Microsoft’s browser, you can give Chrome, Firefox or even Safari a try until Microsoft issues a formal patch for this exploit. At minimum, make sure your anti-malware is up to date and working, and watch carefully for suspicious behavior while surfing the internet, especially if you are visiting new/unfamiliar websites.

browserchromeexploitfirefoxinternet explorermicrosoftpatchsafarivulnerabilityzero day
  • 52
  • 53
  • 54
  • 55
  • 56

Recent Posts

  • code in a laptop screen

    Software Updates: When to Install, When to Wait, When to Worry

    On July 19, 2024, CrowdStrike pushed a routine ...
  • half open laptop

    Technology Transparency: Why We Don’t Hide Our Markups

    Go look up Microsoft 365 Business Basic on Micr...
  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP