Several prominent multinational banks suffered website and online banking service disruptions over the previous two weeks as the result of focused and highly sophisticated cyber attacks. Apparently led by Middle-Eastern “Hackivists” groups in response to the “Innocence of Muslims” YouTube video controversy, researchers have indicated that unlike attacks seen in previous years, this series of attacks were well planned, highly organized and of sufficient force to have even taken down hardened and secure telecom companies who are well-versed in handling the Denial of Service attacks that are typically experienced. In these most recent attacks, the hacktivists used zombified user PC’s as well as thousands of compromised webservers to shut down bank websites for hours, and sometimes days at a time.
What this means for you:
Zombified PC’s are no good to their handlers if they are detected and sanitized before they can be “rented” out, and as such, the most effective malware infection is often one that exists quietly on your technology until it is called into service. Obviously, this could result in your computers or servers, previously well-behaved and performing normally, suddenly acting up and running slowly, usually at the most inconvenient time for you and your business. Always make sure your anti-malware software is installed, updated and working properly.
Keep in mind that it’s even possible for website engines to become compromised and used as a zombie. Unless you tend to your site regularly, it’s possible for it to become compromised without you even noticing – that is until a customer visits your website, notices something wrong, and takes the time to report it to you instead of moving on to something else. Not sure if your computers or servers are secure? Give C2 a call and let us put your mind (and business) at ease!
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
Since its release last month, Apple has been fielding numerous complaints about wifi issues on the new iPhone 5. It’s not uncommon for manufacturers to sit tight during the first wave of complaints to see if there is any merit to them, or if they are just a combination of user-error and settling-in that always appears in new product launches. New customers were complaining of poor performance during the initial weeks of the iPhone 5’s arrival, and now that the first month’s bills are rolling in, these same customers have uncovered what looks to be a serious bug on the Verizon version of the the iPhone 5: instead of using an existing wifi connection to deliver data to the phone, iOS 6 (the operating system powering the iPhone 5) will instead continue to use the cellular connection, chewing up the monthly data allotment at an alarming rate.
Apple admitted the existence of the bug through a software update released on September 30, and Verizon has stated that no one will be charged for “unwarranted data usage” that might have occurred from this bug.
What this means for you:
If you’ve recently purchased an iPhone 5 or have upgraded your older iPhone 4 to iOS 6, and Verizon is your carrier, keep a close eye on your data usage and look for any unusual spikes in your monthly usage average. Reports are mixed as to whether this problem affects any other model other than the iPhone 5. Watch for the alert to patch your phone, and accept the update as soon as you see it. To check your cellular data usage on your iPhone: Settings->General->Usage->Cellular Usage.
The state of California just signed into law a ban on employers and universities requiring employees and applicants grant them access to their social media accounts (e.g. Facebook or Twitter). As surprising as this may seem, this was actually a thing for awhile. That is, until the internet started a ferocious publicity storm and names were named. Even still, the practice has been common enough to galvanize California lawmakers to take matters into their own hands and pass a law that in effect orders companies and universities to stop being so creepy.
What this means for you:
As of January 1, 2013, it will be illegal for you to ask your employees or applicants for access to their personal social media accounts, which will include things like Facebook, Twitter, MySpace, etc. Keep in mind, many people already openly share many aspects of their personal life (sometimes unintentionally!). As an applicant, even before it becomes an actual law, don’t let an institution or organization bully/intimidate you into this degrading invasion of your privacy.
As a business owner, employer or educator, this area is still very grey, and proper legislation is far from being clearly defined, especially as the boundaries between employees’ professional and personal lives are blurred by increasingly permissive/flexible business cultures. Remember the days when Facebook was banned at the office? Aside from the fears about wasted productivity, there were (and still are) very valid underlying concerns of mixing personal (and possibly very unprofessional) activities with business/educational pursuits. If in doubt, ask your HR representative, and check your conscience.
Threatpost has reported on a new zero-day vulnerability that is affecting the Oracle Java plugin used in all popular web browsers, and this time, all operating systems, including Apple’s OS X which is typically excluded from most security exploits. So far, the white hats are ahead of the game on this one, having detected and then demonstrated the hack to Oracle in a “proof of concept” as opposed to discovering malware in the wild exploiting the security hole. In case you missed it, Oracle experienced a similar situation not less than a month ago with Java 7, so it’s likely there are more holes waiting to be discovered.
What this means for you:
This is a fairly significant vulnerability according to the folks that discovered it, as it affects multiple version of Java, including the most recent version 7 release, and multiple operating systems. However, it does not appear to be widely exploited yet, giving Oracle time to patch it up before malware writers can disperse malware to take advantage of this hole. According to Oracle, Java is in use on billions of devices, so if they were to ignore this vulnerability, there could be serious repercussions. If Oracle drags its feet on releasing a patch, you may want to consider disabling the Java plugin in your browser, or uninstalling it altogether. Before you do that, make sure you don’t rely on Java for any critical business applications – you may be surprised to find out just how often you use Java without knowing it!
In a rare, out-of-band release, Microsoft released an update on Sept 21 that patched the much bally-hooed vulnerability that affected all versions of its browser as far back as IE 6. This security flaw was significant enough to warrant the German government recommend to its citizens that they use another browser until MS could address the exploit, which it did on the 19th in a “fixit” tool downloadable via their website, and now in an MS Update that will be delivered automatically to all validated Windows OS systems.
What this means for you:
Microsoft normally releases its updates on Tuesday, so the more savvy among you might have already noticed the unusual appearance of an update request from your Windows machine as early as last Friday evening. Regardless of when you see it, you should allow update to download and patch your OS as soon as possible, especially if you use IE as your internet browser. If your computer is managed by a corporate IT department, the update may go through internal testing before being released to update your computer. Assuming you’ve not made any changes to how your OS stays up to date, you should be patched, or will be patched the next time you reboot your computer. To make sure you’ve received this update, you can visit your Control Panel, open Windows Update and check your update history for “Cumulative Security Update for Internet Explorer (2744842)”. If this has been successfully installed, you been patched!
Either stop what you are doing and read this article from PC World, or mark it for later and keep reading this story, because this may be the most important thing you do this month.
Easily searchable personal information available on the web plus easy-to-guess passwords can lead to identity theft. Not worried about that? You should be. It’s a problem that won’t be going away anytime soon, and it won’t just affect your personal life – it can impact your business as well. Keep in mind that being targeted by a hacker versus getting infected by malware are two very different levels of danger. A direct hacking attempt is focused and presents a very clear threat to you, your loved ones and your business.
What this means for you:
Google yourself. Try various combinations of your name (including former names if appropriate). Now try your family members. Look for data that you might consider sensitive: age, birthdate, address, names of financial institutions, work or home addresses, and most importantly look for anything that you’ve used as a password. Don’t freak out! Google doesn’t know you that your dog’s name is your favorite password, but a clever hacker might figure it out just by guessing.
If you’ve sufficiently worried yourself, here’s what you need to do to harden your personal security profile:
- Use longer passwords (8 or more characters) that are not easily guessable. That means you need to stop using your Mom’s birthday, your cat’s name, etc. Mix it up with numbers and punctuation. Hackers can crack a 5-digit/letter password in a single hour just by brute force. If you want to be really safe, use a Passphrase.
- Don’t use the same password/passphrase on your important accounts, like Banks, email, data encryption, etc.
- Search your email (especially if it’s cloud-based like Gmail or Hotmail) for any emails that contain passwords, delete those emails immediately. Delete any emails that list account/login names for important accounts. Do this even if the information is no longer valid – hackers can use the info to make better guesses about active account names and passwords.
- Check your privacy settings for any social networking accounts you use (or have used in the past). If you don’t understand how they work, learn how they work or remove your account if you can’t/won’t take the time. This includes Facebook, G Plus, Pinterest, Yelp, etc. Anywhere you’ve typed in personal information about yourself may be a potential leak you didn’t know you needed to plug.
In the end, if you are able to make yourself even incrementally harder to hack than someone else, hackers are more likely to move on to easier targets. Obviously, if you need help hardening your personal or business security profile, don’t hesitate to give us a call!
Image: FreeDigitalPhotos.net
Bromium, a new startup by the same braintrust that founded Xen – a popular virtualization platform now owned by industry giant Citrix – is promising their new product, “vSentry” will return computer users to the heady days of pre-virus computing. The basic idea behind this product is basically a combination of virtualization and hardware/software compartmentalization that creates agents called “microvisors” that act as a disposable “mini-computer” that are fired up to do things like read email, surf the web, play games, etc. and are then discarded completely once you have finished with that task. Conceptually, if, during the course of that task, the microvisor was attacked and infected by malware, the malicious code would end up going nowhere in the end, as the agent was dismissed from use. Think of the microvisor as a pair of impermeable, disposable gloves, tossed into the waste bin after every use, without the landfill aftermath.
What this means for you:
Based upon what I could tell, the product is still in the very early stages, and not yet readily available to the average computer user. It’s nice to imagine an internet where you can open an email from a friend, click a strange attachment and not worry about utterly destroying your computer. Even with the best-in-industry anti-malware software installed on your computer, the weakest link is still the operator at the keyboard. Until this product becomes a reality, and gets installed on every computer, vigilance is still your best defense against the wild internet. Always make sure your anti-malware software is installed, updated and WORKING. Always back up your data, and make sure those back ups are good. And if you are ever in doubt about your computer’s security, give us a call!
CORRECTION: iOS 6 will work on iPhones from the 3GS version up. Thanks to Dave McAdams for catching that!
Apple will begin pushing the iOS6 update to its mobile device platforms on Wednesday, September 19, 2012. Along with the expected performance improvements and bug fixes, there are a handful of features that may of interest to Apple users who are not purchasing an iPhone 5.
Here are the most important changes:
- Google Maps will be replaced by Apple’s own Maps application
- Passbook is a brand new Apple app that they intend to replace paper ticketing for things like travel, movies, loyalty cards and more
- Facebook is now integrated into most of Apple’s native applications
- Siri’s search capabilities have been expanded to include things like sports scores, movie times, restaurant reservations and launching apps. It will also work on the latest iPad and the iPhone 4s, but not on older mobile devices.
- You can sync your Safari tabs between your mobile device and desktop Macs via iCloud.
- You can share photo streams with other iOS 6 users, as well as stream your photos to your Apple TV.
- Facetime can now be used on cellular networks, not just wifi.
What this mean to you:
If you are using an Apple mobile device that is NOT an iPhone 5, 4s 3GS or newer, or the 3rd generation iPad, then there’s nothing you need to worry about, as iOS 6 is not available for your device. However, if you do have a qualifying device, the upgrade will come in “over the air” if you already have iOS 5 installed. You will need to upgrade your iTunes software to version 10.7 if you plan on plugging your device into your computer. Before you upgrade, make sure you backup all of your important data (contacts, music, photos, etc.) as upgrades can go wrong, and if they do, it usually means wiping your device in order to restore it to functionality. Wiping = erasing all your personal data = disaster without a proper backup. If you rely on your phone as a critical business tool, including some 3rd-party apps, you may want to wait until you have some business downtime, just in case the upgrade goes sideways, or causes problems with your apps.




![128px-Apple-logo[1].png 128px-Apple-logo[1].png](https://c2techs.net/wp-content/uploads/2012/10/128px-Apple-logo[1]-460x260_c.png)
![Java_Logo[1].png Java logo](https://c2techs.net/wp-content/uploads/2012/09/Java_Logo[1]-460x260_c.png)
![Internet_Explorer_7_Logo[1].png Internet_Explorer_7_Logo[1].png](https://c2techs.net/wp-content/uploads/2012/09/Internet_Explorer_7_Logo[1]_0-460x260_c.png)

![maps_gallery_1[1].jpg maps_gallery_1[1].jpg](https://c2techs.net/wp-content/uploads/2012/09/maps_gallery_1[1]-460x260_c.jpg)
![Br_twitter[1].png Bromium Logo](https://c2techs.net/wp-content/uploads/2012/09/Br_twitter[1]-460x260_c.png)
