Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Passwords can no longer protect us

  • 3
admin
Saturday, 17 November 2012 / Published in Woo on Tech
Passwords are a Dead End

If you didn’t get your fill of scares this past Halloween, sit down and read this article about password security from Matt Honan, the Wired Magazine writer who’s digital life was destroyed this past summer in minutes by teenage hackers. If you only read one article this year, you should read this one, but in case you don’t (or can’t or won’t), I’ll try to sum up the most important parts of the article:

  • We are sacrificing privacy and security for convenience.
  • Passwords (even long, hard to guess ones) are no longer viable.
  • The technology industry hasn’t been able to come up with a better solution to this problem.

 

What this means for you:

Again, if there is one article you should read this year, especially as you gear up to get your online shopping done this upcoming Black Friday, it’s this one! You’ve heard me give you all the precautions and practices you should be following to better secure your online information, but Matt explains in easy-to-understand, non-technical terms why folks like me are growing increasingly concerned – and in some cases frightened. We, as a civilization, have hit a critical point in our history, and if we don’t make some careful choices and some necessary changes to how we use computers, we are heading down a road of security ruin that could impact anyone that uses technology as a critical part of their lives.

Until better solutions to the password problem arrive, there are some things you can do:

  • Don’t use the same login and password for multiple sites.
  • If it’s available, use 2-factor authentication to secure accounts, especially email.
  • Don’t use easy to guess passwords. Use really hard ones for your most important accounts.
  • Use a separate, hard-to-guess email account for password resets that is separate from your main email account. Gmail is great for this, as it offers two-factor authentication.
  • For password hint questions, eg. “What is your mother’s maiden name?” use incorrect answers that aren’t easily found on the web, and only you would know.

Read the article for even more tips on how to make yourself harder to hack.

 

2-factor authenticationdead endemailHackingpasswordssecurity

NASA loses laptop with sensitive data

  • 0
admin
Friday, 16 November 2012 / Published in Woo on Tech
nasa_logo.png

In yet another instance of high-profile data loss, the National Aeronautics and Space Administration (NASA) has announced that a laptop containing unencrypted, sensitive data was stolen. Ahead of a final determination of the extent of the data exposure, NASA has warned its 300,000 employees and contractors to be extra cautious and that they may be at risk for identity theft.

As a result of this theft and previous data exposure incidents, the organization has established a new policy that all laptops will be encrypted from this point forward, and until the encrpytion can be enforced, all laptops with sensitive data can no longer be removed from NASA facilities.

What this means for you:

The NASA laptop in question was password protected, but you may not be aware that gaining access to data on a password-protected laptop is trivial when you have the actual device in your physical control. Though it does add overhead to overall performance of laptops, encrpyted data partitions or even full-drive encryption is the only way to truly safeguard data on mobile devices, and a compromise that savvy organizations are willing to make in order to allow their knowledge workers the mobility required in today’s technology environment. If you or your knowledge workers work with sensitive data, whether it be employee records or client data, you should review your organization’s privacy and security policies to ensure you are properly protecting yourself from a damaging security breach and data loss.

data lossencryptionidentity theftlaptopnasasecuritysensitive personal information

VA puts its head in the Cloud

  • 0
admin
Wednesday, 14 November 2012 / Published in Woo on Tech
Office 365 Logo

In what is being the called the largest migration to cloud services so far, the Department of Veteran Affairs has just inked a deal with Microsoft and HP Enterprise Services to move its 600k users to Microsoft’s cloudbased office productivity suite Office 365. The move is seen by many as further evidence of a significant shift in corporate IT strategy away from costly infrastructure investments to cloud services for every aspect of technology. Over the past 10 years, enterprise IT departments have been gradually, but inexorably moving application platforms out of their own datacenters to providers like Oracle and SAP, but hesitated when it came to the garden-variety desktop applications that knowledge workers use daily. That reluctance may be disintegrating as services from Google and Microsoft make it hard to dismiss the tremendous efficiencies and savings that can be realized by getting rid of the real estate and overhead needed to maintain desktop-based applications.

What this means for you:

Many of you work in the cloud daily without giving it a thought. Perhaps you never thought of Gmail or Hotmail or Yahoo Mail as a productivity app, but what about Salesforce, or LinkedIn, or even Facebook? Both Google and Microsoft’s cloud-based office apps are full-featured and powerful enough for everyday business tasks, and the very nature of their delivery makes deployment, security and maintenance much simpler that software installed on desktops. It’s this same strength that also proves to be a weakness, as if you lose your internet connection, you also lose your ability to work. Well that’s easy to solve, I can hear you say. Why not just move to another location where the internet is working? What if it’s the cloud itself that is unavailable? Once again, the cardinal rule compartmentalization comes into play – never base the entirety of your critical business operations in the hands of a single, monolithic platform, even if that platform is largely reliable. And this goes doubly so for a platform around whose neck you can’t comfortably get your hands, as is the case with a provider like Microsoft or Google.

cloudcontinuitygmailGooglehotmailHPlinkinmicrosoftoffice 365productivitysalesforcestrategyVeteran Affairsyahoo mail

Petraeus-Gate and Fallacy of Email Privacy

  • 1
admin
Wednesday, 14 November 2012 / Published in Woo on Tech
Email Security

Apparently, even the (former) head of the CIA can fall victim to a security breach. General David Petraeus recently handed in his resignation as the leader of the US’s Central Intelligence Agency when his extra-marital affair surfaced through an investigation led by the CIA’s own sister agency, the Federal Bureau of Investigation. What’s interesting is that the FBI didn’t use exotic technology or Hollywood-esque espionage to gain access to Petraeus’ “anonymous” email account –  in the end, it boiled down to a simple, lawful, court-order through the Electronic Communications Privacy Act. Once the FBI had covert access, they were easily able to track the account usage and trace it to the General himself.

What this means for you:

What undid Petraeus – aside from lack of integrity and fidelity – wasn’t his extremely clever usage of Gmail. Once again, the subterfuge was ruined by a person – in this case, by his own mistress, Paula Broadwell, who sent threatening emails to Petraeus family friend, Jill Kelley who then got the FBI on the case. In the course of any criminal investigation, the ECPA grants the government authority to access any electronic communication without a warrant if it’s under 180 days old, and if it’s older than 180 days, then all that is needed is a court order. Even if you think you’ve set up an anonymous email account, all email travels through the internet by virtue of metadata attached to the digital envelope that is impossible to hide. Think of it as a digital postmark. And because all data must come from somewhere and go somewhere, IP addresses (and logs) make it possible to pinpoint those locations with ruthless precision. The next time you send an email that you need to be completely confidential, think carefully about the implications of it appearing on the front page of every news website in the world. Obviously, the government doesn’t have the time (or the justification) to watch everyone in America, but they certainly have the means, and will to use it, even if it undermines one of their own sacred cows.

Image courtesy of renjith krishnan / FreeDigitalPhotos.net

affairBroadwellCIAECPAElectronic Communications Privacy ActemailFBIinvestigationIP addressmetadataPetraeussecurity

The Most Devastating Cyberattack You Never Heard About

  • 0
admin
Tuesday, 13 November 2012 / Published in Woo on Tech
Saudi Aramco Logo

In August of this year, one of the world’s largest oil producers, Saudi Aramco, was targeted in a cyberattack that crippled tens of thousands of its computers. Despite the apparent success of the attack and the impact this would have had on the company’s operations, oil production did not falter, and the global economy continued its drunken flirtation with failure instead of rushing into an oil-shortage-fueled orgy of self-destruction. Saudi Aramco has not been forthcoming on the details of the attack, or how they managed to survive it relatively unscathed, but in the eyes of security analysts and even our own Secretary of Defense, Leon Panetta, this attack was “probably the most destructive attack that the private sector has seen to date.”

There are conflicting reports about the motivation behind the attack. The hacktivist group “Cutting Sword of Justice” has claimed responsibility, citing the act as a strike at the House of Saud, the ruling body of Saudi Arabia, refuting claims by security analysts who believe the attack to be a state or government-sponsored reprisal for the Stuxnet attacks that crippled the Iranian Nuclear Program. Intended to cripple oil-dependent economies like the US, government-backed cyberattacks on companies like Saudi Aramco can also gain proprietary geological survey data that could be extremely profitable for other, competing state-sponsored oil companies.

What this means for you:

Information is power, and there are very few companies that don’t store their most valuable data on computers and servers that are somehow connected to a network, if not the internet itself. Even if they had the best security known to man, it’s believed that at least one individual inside Saudi Aramco provided the means for attackers to compromise a company that produces 12% of the world’s oil. You should never rely 100% on technology alone for security – humans will always be more fallible than computers. Additionally, it’s important to provide some level of separation in your core business operations so that if a segment of your business is paralyzed, the entire operation doesn’t grind to a halt because the computers are offline getting repaired.

cyberattackeconomic terrorismhacktivismIranmalwareoilsecuritystuxnetvirus

Go to Denmark for the Safest Computing

  • 0
admin
Wednesday, 07 November 2012 / Published in Woo on Tech
Kaspersky Logo

Kaspersky Labs just released their quarterly threat report for Q3 2012, and it’s dry reading for most folks not fascinated by IT security as I am. There are some notable trends that their research has surfaced, and I thought you might find some of these data points interesting:

  1. You are least likely to be infected by a fellow countryman in the nation of Denmark. (The US is in the lower first quartile, in case you were wondering.)
  2. Russia has overtaken the US as having the most websites hosting malware software.
  3. The most commonly found smartphone virus is designed to steal money from you by texting premium-rate numbers without you noticing.
  4. The most common way to get a virus infection is via drive-by infections, ie. visiting a dodgy website and getting infected when your browser loads pages that have embedded viruses.
  5. Of the top 10 most commonly found software vulnerabilities, 2 are found in Oracle software (Java), 5 from Adobe (Flash, Shockwave & Acrobat), 2 from Apple (Quicktime and iTunes), and 1 from Winamp.
  6. Over half of the detected malware infections came from Java vulnerabilities.
  7. For the first time in many years, Microsoft did not make the Top 10 list of vulnerabilities!

What this means for you:

Keep your software up to date. The java vulnerabilities have been patched, but many people ignore (or aren’t even aware) that Java needs to be kept up to date just like any other software installed on their machine. Keep your browser up to date, and if you have the choice, use the latest version of IE, or even better, Google’s Chrome browser. However, nothing will keep you safe if you don’t have proper malware protection installed, updated and ACTIVE. If you use an Android phone, see my previous article on the dangers of side-loading questionable apps. As of the moment, buying smartphone anti-virus software isn’t at the same state of “must-have” as computers, but we may be fast approaching that point. If you are careful about the apps you install on your phone, you don’t need it…yet.

adobeAndroidAppledrive-by infectionflashitunesjavakaspersky labsmalwareoraclequicktimesecurityside loadingvirus

Malware Apps for Android on the Rise

  • 0
admin
Monday, 05 November 2012 / Published in Woo on Tech
Android Logo

According to analyst IDC, Android-based smartphones account for three out of every 4 phones sold worldwide in Q3 2012. As anticipated, this expansion of the market has also prompted a surge in fraudulent apps being developed and installed on phones. Security firm F-Secure  reports a 10X increase in the number of distinct malware apps detected in the marketplace, finding over 50k apps this quarter alone. Most of these apps appear to be making their debut on 3rd party apps stores outside of the US looser security standards allow the malware to slip into the marketplace undetected.

What this means for you:

Earlier this year, Google implemented a security review process on its official “Play” store, reducing the number of fraudulent apps significantly. However, unlike the iPhone ecosystem, which locks users into only getting apps through its tightly controlled and reviewed iTunes appstore, Androids can bypass the Google’s official appstore to “sideload” apps on their smartphones via a single checkbox setting that is available in the operating system. Just because you can do something doesn’t mean you should. With the possible exception of Amazon’s App Store, I would not recommend installing apps from any 3rd party app store. Amazon.com led the way in sideloading by announcing their own appstore in early 2011, primarily as a means to avoid paying distribution fees to Google to service their own Android-based Kindle devices. Given that keeping their user base safe is probably of utmost concern, it’s likely that Amazon will be carefully reviewing apps distributed through their ecosystem.

If you insist on sideloading apps from a 3rd party app store, make sure you know what you are doing, review the apps carefully, and when in doubt, do your research before installing that magical app that will do it all, and is also free. It may not cost you any money up front, but the longterm damage to your security and identity may be a cost you can’t afford.

amazonAndroidAppleappstoreiPhonekindlemalwaremarketshareplay storesecuritysideloading

Millions of SC ID’s Compromised

  • 0
admin
Thursday, 01 November 2012 / Published in Woo on Tech
The state flag of South Carolina

On Friday, the state of South Carolina announced that it had been the victim of a major security breach, and that as many as 3.6 million state residents (nearly 77% of the total state population) may have had their Social Security numbers and other personal identifying data stolen by person or persons unknown. As security firm Mandiant investigates the breach, they further revealed today that as many as 657,000 local businesses may have also be impacted by the data leak. The severity of the breach was exacerbated by the fact that the compromised data was actually being stored unencrypted on state-run servers, despite the fact it contained extremely sensitive tax information going back multiple years.

What this means for you:

Unless you are a resident of South Carolina or your business has filed taxes in that state, this particular event probably won’t impact you directly. However, it does serve to highlight that governments, like many businesses, fail to take security as seriously as they should, often under-spending on security or even ignoring potential threats. If you work with customer data that might be considered sensitive, are you doing enough to make sure that data is kept safe, not only from hackers, but from loss due to physical device theft, and damage from things like wildfires, floods, earthquakes or even a spilled cup of coffee? Most business won’t be able to prevent a determined hacker from penetrating their defenses, but they can make sure that sensitive data is stored properly (or not at all!) to minimize the collateral damage.

Hackingidentity theftsecuritysocial security numberssouth carolinataxpayers

Frustrated with Siri?

  • 0
admin
Wednesday, 31 October 2012 / Published in Woo on Tech
Google Logo

Everyone I know that uses an iPhone has told me that Siri is, at best, a fun party trick, and at worst, completely useless. If you were sold on your latest iPhone by the promises Zooey Deschanel or Martin Scorsese failed to deliver, then you may find solace in a competitive offering from Google. Voice search is now embedded in Google’s recently updated and free iOS search app, allowing you to ask natural language questions and (hopefully) receive audible answers powered by Google’s vast databases.

What this means for you:

If you are one of those people who don’t mind addressing their smartphones like they were animate objects, (you know who you are!) then this app is worth a try. Android users with the Jelly Bean operating system on their devices (Nexus users and some specific late-model Android phones) have been enjoying Google’s voice-driven search capabilities for several months, with generally favorable reviews as compared to Apple’s Siri. It’s free – all you have to lose is some time (and possibly your dignity).

appAppleGooglesearchsirivoice search

East Coast Flood Impact Felt Around the Nation

  • 0
admin
Wednesday, 31 October 2012 / Published in Woo on Tech
Flooding Ahead

Normally, New Jersey and Manhattan datacenters don’t have to worry about floods, but Hurricane Sandy quickly overwhelmed many major providers like Internap and Peer 1 who provide service across the country. While most of their electronics were relatively safe from the torrential rains and high winds, water will – given time and opportunity – get into everything, and thousands of buildings in the area experienced severe flooding in basements and even ground-floor spaces. “Surely they don’t keep their electronics down in the basement!” I can hear you exclaim, and they don’t, but what is down there are generators and fuel pumps for those generators, because that’s where most buildings put their big, noisy mechanical equipment. Power outages don’t stop big datacenters – they’re designed to last for hours, even days without power – but those generators need fuel and air. When they are under 5 feet of water, both are going to be in short supply.

What this means for you:

When doing your disaster preparedness and continuity planning (you do have a DR/BC Plan, right?) you need to assess all vendors that provide services you would consider critical to your core business processes, particularly the ones that service your customers, such as website or application hosts, or even your own employees such as outsourced payroll services. If you are using providers that have weak, or even incomplete DR/BC plans of their own, you may want to change providers, or, at minimum, compartmentalize your own business processes so that your company isn’t completely crippled by a weak point in your service supply chain.

Image courtesy of “winnond” / FreeDigitalPhotos.net

business continuitydatacentersdisaster preparednessfloodinghurricane sandyplanning
  • 63
  • 64
  • 65
  • 66
  • 67

Recent Posts

  • code in a laptop screen

    Software Updates: When to Install, When to Wait, When to Worry

    On July 19, 2024, CrowdStrike pushed a routine ...
  • half open laptop

    Technology Transparency: Why We Don’t Hide Our Markups

    Go look up Microsoft 365 Business Basic on Micr...
  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP