Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Internet-enabled appliances weak on security

  • 0
admin
Tuesday, 05 August 2014 / Published in Woo on Tech
Risks vs. Rewards

When it first occurred, connecting things to the internet seemed more like a gimmick than anything practical. Remember that fridge that was supposed to know when you need to buy more milk and would email you a reminder? Even though that particular concept still hasn’t really caught on (though it should!) plenty of other things in our houses and workplaces are connected to the web, to the point where we don’t even consider it gimmicky anymore. Cars that can be started via an iPhone app? Sure! Security cameras that text you when they detect motion? Why not? How about thermostats and lighting that can be adjusted via wifi? Done! Except for a “little” problem: this growing “internet of things” is just as bad (if not worse) at security as the rest of the internet. A security study by technology giant HP took a look at the 10 most popular internet-enabled devices and discovered each device had at least 25 security vulnerabilities that could lead to terrible things.

What this means for you:

Most of my clients have a healthy respect (if not fear) of the internet and its tireless ability to invade your privacy, and typically make more informed choices than the general public, but as more and more devices come “connected” right out of the box, it’s easy to fall into the convenience trap of plugging the thing in and moving on to the next item on the to-do list. What this will eventually mean is people are surrounding themselves with devices that, taken as a whole, can provide an incredible amount of detail about their supposed “private” life. And those devices are all connected to the internet. Unless manufacturers starting upping their security standards (or the market forces them to), we may all find ourselves living a rather exposed existence. So the next time you are considering a device that is “internet” enabled, consider whether or not you are ready (and willing) to understand exactly how that device secures itself from hacking, and whether its worth the convenience.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

HackingHPinternet of thingsprivacysecurityweb

Quantum data teleportation may lead to spy-proof networks

  • 0
admin
Sunday, 01 June 2014 / Published in Woo on Tech
Future computer chip

Dutch scientists have recently announced a breakthrough in quantum mechanics that could have significant applications in networks and security. Where previous experiments in this field have demonstrated that information could be transmitted across great distances (up to 90 miles) via quantum mechanics, the researchers at Delft University were able to instantaneously transfer information between two quantum-entangled bits (Qubits) ten feet apart from each other, and they theorize this could be accomplished at greater distances as well. While this may not sound like a practical distance, there are two important facets to consider: the information doesn’t actually traverse the distance, the information just exists in two different places at the same time, and the materials used to build the Qubits (in this case, diamond) could conceivably be produced on a mass-scale.

What this means for you:

Though it sounds like science fiction, quantum computers are actually being built and are in use, though mostly in highly experimental situations. The benefit of quantum data communications go beyond speed: because data isn’t transmitted so much as teleported across distances, it would be theoretically impossible to intercept, tap or otherwise tampered with a quantum bit of information without altering it, and thereby rendering any sort of eavesdropping impossible. Quantum-based encryption keys would be unbreakable and could never be intercepted or replicated as has been the weakness exploited in Heartbleed and countless other security hacks. However, we are still years away from a quantum internet, or even a quantum home computer or router, so don’t give up on your current security measures just yet. Also keep in mind that even though quantum security is impossible to hack in theory, the devices that will be built to use quantum mechanics will still be designed by people, which means that it is only as impervious or infalliable as the humans that created it.

Image courtesy of Renjith Krishnan / FreeDigitalPhotos.net

data transfereavesdroppingencryptionHackingquantumsciencesecurityspying

Hacked Baby Monitor Leads to Scary Parenting Moment

  • 0
admin
Wednesday, 07 May 2014 / Published in Woo on Tech
Hacked!

As a parent, there is perhaps nothing more frightening than to have your child’s well-being threatened, and when that threat comes from a device meant to help safeguard children (and relieve parental anxiety), the impact can have far-reaching implications. Proving that some hackers out there have no grasp of human decency or compassion, there have been at least two separate known incidents of network-enabled baby monitors being hacked and then used to audibly taunt and yell at the toddlers devices were monitoring. In both cases, the devices weren’t hacked in the true sense of the word, but were exploited through a weakness that is common across the internet: easy-to-find default passwords. The parents, not knowing that the passwords should be changed, left the devices configured as they came out of the box, and the baby-screamers used that opening to perpetrate their irredeemable acts.

What this means for you:

In comparison to the above, getting hacked as an adult seems almost laughable, but when you think about it, it’s just as scary. In case you missed my blog about “ratting” and you aren’t feeling insecure enough about your security and privacy, you should have a read. The lesson hard-learnt here is this: make every attempt to understand all the devices you use, especially the ones that may be safeguarding the security, privacy and happiness of your family. Read the instructions that come in the box, and if they are incomprehensible, get on the internet and ask questions, or grab your nearest tech geek to have them review the device for potential security issues. Don’t take for granted that a device manufacturer (or website publisher, or software programmer) has your security and privacy top of mind when they are making and marketing their product. The lure of profit encourages even the most trusted brands to cut corners on occasion, which can lead to scary situations like the above.

baby monitorschild safetyHackingparentingprivacysecurity

Remote Access Trojan App Shows up on Google Store

  • 0
admin
Tuesday, 11 March 2014 / Published in Woo on Tech
Spy Phone!

About a year ago, I shared an article from Ars Technica detailing a chilling and degrading hacker activity called “ratting” wherein your computer could be hacked into covertly spying on you. This disturbing trend now appears to be spreading to Android smart phones; for a short while before it was detected and removed, a seemingly legitimate app was available on the Google Play store that was purportedly for parents to keep an eye on what their children were doing on their smart phones. Unfortunately for the 50 or so people who actually downloaded the program, the real purpose of the app was to install a remote access trojan platform on the device which would enable someone to illicitly use the phones cameras and mics to spy on the user, as well as control other aspects of the phone like sending texts, making calls and sending emails.

What this means for you:

The app was built on a software development platform that is being marketed specifically to hackers, and one of the key selling points is this kit’s ability to build apps that can “hide” from Google’s security scans that usually prevent malware from being uploaded to the Play store. Translation: you can expect more apps like the one mentioned above to appear on the Google Play store. Where before you could, with maybe 99% effectiveness, depend on Google to protect you from harmful apps, you can no longer take for granted that if an app appears on the Google Play store that it is 100% legitimate. To protect yourself as an Android user, you should:

  • Make sure to have a reputable Anti-malware app installed (I like Webroot’s Security & Antivirus).
  • Read carefully the access permissions each app is asking for before installing.
  • Pay attention to user reviews and install count. If the app only has a small number of reviews and installs, give it a few days and check back to see the app survives internet scrutiny.

Fortunately, Google has a means to automatically reach out to any Android phone and purge apps that it has found to be harmful, but it’s much safer and less stressful to avoid being victimized in the first place.

Androidappgoogle playHackingprivacyrattingsecuritytrojanwarning

Microsoft Employees get Hooked in Phishing Scam

  • 0
admin
Tuesday, 28 January 2014 / Published in Woo on Tech
Microsoft Hacked

In case you are feeling like the only one under constant cyber attack, Microsoft has recently admitted that the Syrian Electronic Army has successfully hacked some of its employee email accounts, apparently in pursuit of documents pertaining to ongoing law enforcement surveillance requests. As is typical with these types of breaches, Microsoft has yet to determine if any customer data was exposed, and so far is saying very little in that regard. This comes on the heels of it’s the Microsoft Office blog being defaced only days prior, as well as successful attacks on high-profile Twitter accounts and blogs used by other Microsoft divisions. 

What this means for you:

The Microsoft employees who were hacked were compromised through nothing more sophisticated than the ole “phishing” tactic. In case you still don’t know what that is, I’ll describe it in brief:

  1. You receive a legitimate-looking email, warning that your account at a popular service has been compromised, or your password has been reset, or that some other urgent action is required. Other popular phishing tactics include packages (or money) awaiting delivery, important faxes being held, etc.
  2. The email directs the recipient to a website that may be designed to look legitimate, but is not. The hacker owns that website, and any data typed into it.
  3. In all cases, the hacker is trying to get the recipient to volunteer specific information about themselves, usually things like user IDs, passwords, Social Security numbers, addresses, anything that could be used to compromise and possibly steal your ID.
  4. On top of tricking you into entering your important data, the website will often attempt to install other malware on your computer, resulting in severe infections and further data theft if it’s not caught quickly. This can even happen if don’t enter any information on the website. Visiting that first page is often all it takes to get a bad malware infection.

If you haven’t figured out why it’s called “phishing”, the hackers are the fishermen, the email is the bait (and hook), and you are the fish. “Spear phishing” is when specific groups of recipients are targeted (as was probaby the case with the Microsoft incident above), and “whaling” is when high-profile executives or critical employees are specifically targeted with carefully crafted emails tailored for the individual coupled with other social engineering tactics to lend legitimacy to the attack. And don’t think that you are immune to whaling attacks just because you aren’t a high-powered executive. Analysts are even now investigating possible AI-generated whaling attacks that being generated based upon information gathered on the internet from sites like Facebook and Linkedin, making it harder and harder to spot the fakes in your email.

blogemailHackingmicrosoftphishingscamsecuritysyrian electronic armyTwitter

Can the NSA hack your new iPhone?

  • 0
admin
Wednesday, 08 January 2014 / Published in Woo on Tech
Eye (of Sauron) Phone?

German newspaper Der Spiegel launched a media frenzy last week with the provocative story that the NSA can (and probably has) compromise the iPhone in a way that gives them complete “ownership” of the device for the purposes of surveillance. Fueled by documents released by infamous informant Edward Snowden, the article details a specific program called “Dropout Jeep” that could completely compromise an iPhone…in 2007.

What this means for you:

Today, in the internet economy, media outlets have priorities that aren’t always compatible: keep their audiences informed, and get as many eyeballs/clicks/likes as possible. As you can imagine, stories about iPhones and NSA spying are hot commodities right now, so when the two subjects align, how can you not lead with such an explosive story?

Several articles spurred by the Der Spiegel piece speculated that Apple may have been working with the NSA all along. Most suggested that the NSA can and has owned even current gen iPhones. Apple, of course, has denied any collaboration with the spy agency. The NSA itself continues to remain silent on stories like this. But, as mentioned above, the Dropout Jeep program was active in 2007, and required the hacker to have physical access to the device. As many of you have heard me say before, if someone has physical access to your device, compromising the device (regardless of manufacturer or type) becomes much more straightforward. The Snowden document did indicate that the NSA was working on future versions of the spyware that wouldn’t require physical access to the device, but for the moment, there is no proof that they can “own” modern iPhones.

But there’s no proof that they can’t, either.

 

Appleder spiegeldropout jeepHackingiPhonensaspying

Hacker Drone hacks and enslaves other drones

  • 0
admin
Wednesday, 04 December 2013 / Published in Woo on Tech
Parrot AR Drone

Just in time to ride the publicity wave created by Amazon Prime’s Delivery Drones, infamous MySpace hacker Samy Kamkar has created a flying drone that can hack other drones and take over control of them. Before you grab your bug-out bag and head to that bunker in Montana, it may ease your fears somewhat to understand the drones in question are of the toy variety, versus the death-dealing military variety. The popular Parrot AR Drone is controlled from an iPad or iPhone via unencrypted Wi-Fi, a feature that Mr. Kamkar takes full advantage of in his miniature drone predator, aptly dubbed, “Skyjack“.

What this means for you:

While Skyjack is a long ways away from hacking the various UCAVs that are in extensive use around the world, it’s not hard to imagine how this could escalate the high-tech arms race fueled by the highly-publicized arrival of combat drones in the Afghanistan invasion. The idea behind Skyjack is a drone that can hunt out other Parrot AR Drones autonomously and enslave them. Fly Skyjack into a park where enthusiastic drone pilots are taking their Parrots for a spin, and the more unscrupulous Skyjack pilot can steal away the $300 devices in a blinking of an LED. Now extend that idea to a drone that can fly around neighborhoods, hunting out unsecured Wi-Fi networks or routers, hacking them, logging their locations, and then returning to its owner with map and database of ripe targets. Have I frightened you enough yet to get you to change the password on your home router to something a bit harder to guess?

Image Courtesy of Wikipedia.org

combat dronedroneshackerHackingparrot ar dronepasswordssecurityskyjacktoyucavwi-fi

Hacked Limo Co Exposes Customer Data

  • 0
admin
Tuesday, 05 November 2013 / Published in Woo on Tech
Hacked

While analyzing the data trail of the recent, highly-publicized Adobe security breach and data theft, researchers also discovered data that appears to have been stolen from a prominent online broker of limousine and towncar services. Among the some 850,000 customer records discovered were such illustrious names as Donald Trump, LeBron James and Tom Hanks as well numerous other wealthy and/or famous individuals. The data also included credit card information, pickup times and locations and even ID numbers of private airplanes used by this company’s customers. The records also included notes on customer behaviors and activities including a number of tidbits that could prove embarrassing or even potentially incriminating. Even if the data were to somehow avoid falling into the hands of police or tabloids, it’s highly likely that cybercriminals will have already cherry-picked many of the customer records for their potential use to fuel spear-phishing attacks and other focused cyber-espionage attempts on corporate and government targets.

What this means for you:

You may have enforced rigor and discipline in your own technology, to the point where you feel fairly confident that you can avoid most attempts to compromise your technology security, but the above points out an uncomfortable reality: you cannot control what information is being gathered about you whenever you interact with the rest of the world. You have two choices here: acceptance and vigilance – be watchful and cautious, and come to grips with the fact that 100% security is impossible, or move to a bunker in the wilderness, off the grid and completely isolated from society. However distasteful and infuriating the former may feel some days, the latter is just not a practical choice (or even possible) for most people.

adobebreachespionageHackingprivacysecurityspear phishing

Don’t Let Your Smartphone Autoconnect to Wifi Networks

  • 0
admin
Wednesday, 19 June 2013 / Published in Woo on Tech
Smartphone Security

Security researchers at Skycure have discovered another weakness in smartphone security, and this could impact you despite whatever security measures you’ve taken personally. Most smartphone operating systems, iOS and Android included, offer the ability to “remember” the SSID’s and passwords of Wifi networks you have accessed with your smartphone, and have the ability to automatically connect to that network the next time you are in range. Skycure has alleged that at least one major carrier, if not all of them, are also pre-programming certain SSID’s into phones straight from the factory, ostensibly to provide customers with a convenient connection with carrier-hosted or sponsored Wifi hotspots. For example, AT&T iPhones allegedly are shipping with the “attwifi” SSID preprogrammed into the phone, and will supposedly automatically join that wifi network, presumably in use by AT&T’s retail storefronts, if it comes across it.

Here’s why this is bad: hackers could spoof any SSID that you’ve set your smartphone to remember and autoconnect, and they’ve got a straight shot at your phone. Normally, this wouldn’t be a problem, as this requires guessing what SSIDs are stored on your phone, and then getting close enough to that phone with the spoofed Wifi network. But with the above, it would be trivial to sit in a crowded mall or any high-traffic walkway, scanning for AT&T iPhones, knowing that some, if not all, will autoconnect to a fake “attwifi” SSID without the owner ever being aware that they just got hacked.

What this means for you:

This exploit seems to be fairly new, and though Skycure claims to have seen this happening in the wild, it’s not widespread, yet. The best course of action is to disable the “autoconnect” setting for any wifi network you have used with your mobile device, whether it be smartphone, tablet or laptop. It will mean a few seconds of inconvenience anytime you are out and about and trying to get internet access, but it may mean the difference between keeping your cellphone secure or getting it hacked.

UPDATE: By default, Android phones will store SSIDs and passwords for any wifi network you add to your phone, and will automatically connect to that network whenever it is range. There is NO way to disable the autoconnect functionality built into the native Android settings. However, you can use an app to control automatic connections. I am currently testing this app, which is “free” but ad-supported. I’ve not tested it long enough to give a recommendation, but it does allow you to toggle the autoconnect functionality on or off per hotspot. On iOS devices, the only way to natively disable the “auto-join” feature is to actually connect to one of the pre-defined hotspots, eg. visit a local AT&T store, and then turn “Auto-join” off for that particular network.

autoconnectHackingiPhonesecurityspoofssidwifi

NSA Whistleblower: Endpoint Security is the Weakest Link

  • 0
admin
Tuesday, 18 June 2013 / Published in Woo on Tech
ID-10067190.jpg

In a public event hosted by the Reddit.com, infamous NSA whisteblower Edward Snowden answered questions posted by Reddit users on a variety of topics. Of particular note was his response to a question about whether encrypting emails would be an effective way to keep the NSA (or anyone else, for that matter) out of your business. Snowden’s response was both heartening and depressing at the same time:

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

What this means for you:

Imagine you want to send a package that contains some very valuable items to a friend on the other side of the world. You carefully wrap the items and then lock them in a briefcase, which is in turn handcuffed to an armored guard, who is then transported via armored truck to your friend’s house. He makes sure that the package is put into your friend’s hands and verifies that your friend is indeed who he says he is, and he even calls you to let you know that the package has been delivered safely. This is analogous to using email encryption to send an email to a friend.

Unfortunately, your friend’s house has a broken lock on the front door, and he carelessly leaves the valuable items in plain view of a window that is also unlocked. That’s analogous to the weak endpoint security Snowden at the end of his response.

In other words, it doesn’t matter how much security you engage on your end if your recipients don’t engage in the same level of security. To use another real-world analogy: cyber attacks are like water – they will flow into every nook and cranny, looking for a way in. It doesn’t matter if 99% of the surface it is covering is impenetrable. That last 1% provides the hairline crack needed to seep in and destroy everything from the inside.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

emailencryptionendpointHackingnsaprivacysecuritysnowdenwhistleblower
  • 1
  • 2
  • 3
  • 4
  • 5

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP