Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Apple at the front of encryption battle

  • 0
admin
Tuesday, 23 February 2016 / Published in Woo on Tech
Apple-logo.png

Apple made a big splash last week when CEO Tim Cook published an open letter in response to the FBI’s request and subsequent court order to hack the iPhone of the primary assailant in December 2015’s San Bernadino mass shooting. As one might expect, Mr. Cook basically told the government that they would not comply, and fortunately, they might be the one company that could afford to fight this battle in the courts. Though the tech industry has typically maintained a similar stance on device encryption, even the most staunch champions of digital privacy such as Google and Twitter have had suprisingly muted responses to the growing battle. Also revealing is a recent Pew poll that suggests while the tech industry may be largely united on device encryption and government backdoors, the American public isn’t quite sure what to think about this complex issue.

What this means for you:

Late model iPhones ship with encryption enabled by default, and as long as you enable some form of authentication on your device, the data on that device will only be accessible if you unlock it. Law enforcement can’t break the encryption, and Apple, by it’s own admission, cannot decrypt your phone’s contents with out the proper authentication, even if the phone owner asks them to do so. If someone tries too many times to guess your pin, the device will be automatically wiped – no intervention from Apple or your carrier is required. The FBI is demanding Apple create a way for them to unlock the iPhone of the San Bernadino shooter, which if Apple were to actually accomplish such a feat, could theoretically allow anyone with possession of this backdoor to decrypt any iPhone protected by similar technology. Like the atomic bomb, the development of this backdoor cannot be unmade, nor will it remain only in the hands of the “righteous”. While the data on the SB shooter’s phone may prove useful in providing some closure to the incident and may even help further other domestic terror investigations, it’s easy to see that the FBI means for this case to set a precedent that will give them unfettered access to an area that has traditionally been protected, both by law and by technology.

AppleencryptionFBIgovernmentprivacysecurity

Microsoft addresses privacy concerns

  • 0
admin
Wednesday, 30 September 2015 / Published in Woo on Tech
microsoft-logo-2013.png

The launch of Windows 10 saw a marked increase in the amount of data the OS collected and sent back to the Microsoft mothership. Despite the general hue and outcry from privacy watchdogs, Microsoft actually doubled-down on this practice shortly after the Windows 10 release and extended this “feature” to Windows 7 and 8 as well. Given that Windows 10 hit 100 million installs in record time, and with a worldwide goal of 1 billion installs in 3 years, Microsoft seems to have decided to break their stony silence on the growing privacy concerns before they hit critical mass. Vice President Terry Myerson confirmed via the Windows Blog that Microsoft is collecting two types of data, and then goes on to mention a set of data they specifically don’t collect, but other platforms (ie: the competition) do.

What this means for you:

The data Microsoft collects from every Windows 7, 8 and 10 computer falls into two buckets they name as “Reliability & Performance” and “Personalization”. The first type of data has actually been collected for years: remember those blue screens of death that plagued our Windows existence? Depending on how your computer was configured, whenever that garish specter showed its ugly face, your computer was compiling an error report that could be sent to Microsoft, ostensibly to catalog and analyze your crash. Assuming enough of those reports came in on the same bug, they would construct a patch that would be rolled into one of the many OS updates applied over the years. Where in previous OS versions this data seemed to be largely compiled and ignored, Microsoft has taken a much more aggressive and proactive approach with the Windows 10 data being collected, and using it to quickly fix issues, improve performance and to add features that users are missing. The important difference now versus years previous was whether or not you had a choice in letting Microsoft see this type of data collected from your computer. From this point forward, you can only adjust the detail of data submitted, but cannot opt out (except by completely disconnecting from the internet forever). According to Microsoft, the data is anonymized, transmitted securely and can never be tracked back to a specific person or machine.

The second set of data (from which you can opt out) is used to feed Microsoft’s digital assistant Cortana (named after a videogame character from the Halo franchise). Microsoft’s answer to Apple’s Siri and Google’s Now services is still very new and untested, but shows similar promise in helping Windows 10 users get more from the new OS if they like that sort of thing. The key to these types of services is their ability to build a personal knowledge graph of the user which can be based upon just about every aspect for which a computer or mobile device is used, including location, age, gender, contact lists, favorites, browser & shopping history and so on.

Don’t want Cortana (Microsoft) creating a profile on you? Head to the Windows menu (the one they brought back in 10, remember?), click “Settings” and then “Privacy”. Get settled in to review every entry and adjust to your sense of privacy is somewhat restored, at least as far as Windows 10 is concerned.

data collectionmicrosoftprivacywindows 10

MS pushes Windows 10 whether you want it or not

  • 0
admin
Tuesday, 15 September 2015 / Published in Woo on Tech
The first one is always free

By all accounts, the launch of Windows 10 is probably Microsoft’s most successful release since Windows 95. From an IT professional’s perspective and given Microsoft’s history with OS launches, this is definitely the least troubled release since Windows 7 (2009). Despite this, I have gathered enough feedback on the upgrade process, both through my own and client experiences as well as reports from around the web, to not recommend it YET for my clients’ business machines, especially if they are operation-critical devices. While the upgrade process seems to go relatively smoothly and painlessly, the actual problems start to crop up after the process finishes and you attempt to get back to work. Historically, operating systems have never worked well on Windows machines, and while 10’s experience seems to improve on Microsoft’s track record in this area, it’s still a risky path at the moment. Unfortunately, despite my recommendation (one shared by many other pros in the business as well) to avoid upgrading your Windows 7 or 8 machine, Microsoft is essentially forcing you to download a copy anyways, whether you plan to upgrade or not.

What this means for you:

Depending on the amount of free space on your hard drive and bandwidth usage cap of your internet connection, this may be no big deal, especially if you do intend to upgrade to Windows 10 at some point. Microsoft sneaks the package onto your machine via Automatic Updates and stores the 3-6GB download in a hidden folder called “$windows.~BT” (the $ hides directories in Windows and is not a wry, insiders joke made by greedy MS programmers). It will do this even if you have been studiously ignoring the pesky system tray app that constantly reminds you that your free Windows 10 upgrade is just waiting to be installed. According to Microsoft, this is by design and ostensibly done to make the process quick and easy:

For individuals who have chosen to receive automatic updates through Windows Update, we help upgradable devices get ready for Windows 10 by downloading the files they’ll need if they decide to upgrade.

To be fair, some folks (rather impulsively in my opinion) seem to make the decision to upgrade to Windows 10 on the fly, possibly because of the way Microsoft has relentlessly pushed the new OS.

Unfortunately, if you choose to use Automatic Updates (and you should unless your technology is managed by an in-house IT department, at which point they will make that call depending on organizational policy), then you can’t avoid this download without some messy registry hacking and fussing with your computer. I can hear some of you scoffing, “6GB? Who doesn’t have room for 6GB?!” Well, 128GB SSD laptop users for one, and I know many, many folks running older computers with smaller 250GB hard drives that are on the edge of being completely full. On top of this, many folks use cellular broadband on their laptops, and this sizeable “update” could easily push their bandwidth allotment over the edge. While I applaud Microsoft’s forced march towards a modern operating system on all Windows machines (see “The World Still Clings to Windows XP”), this heavy-handedness on top of the privacy concerns has me revising my ranking of this release lower and lower.

forced updatemicrosoftprivacywindows 10

Ashley Madison searchable data wreaks havoc

  • 0
admin
Wednesday, 26 August 2015 / Published in Woo on Tech
Can't keep this one quiet

Remember a couple weeks ago when the adultery website Ashley Madison and assorted “sibling” sites were hacked? The alleged hackers were holding the data hostage and demanding (parent company) Avid Life Media be held accountable for what the hackers claimed was the fraudulent business practice of offering website “patrons” the opportunity to pay have their data completely erased. The data has been released (including the supposedly erased data), it is now searchable thanks to websites like Have I Been Pwned, and it’s wrecking lives like, well, a proverbial home-wrecker. It doesn’t take much imagination to envision why this is happening – marriage as an institution in America has been on some fairly rough ground lately, but you don’t come to this blog for that kind of gossip…

So here’s my IT angle on the whole mess:

  1. Just one, simple piece of data in the wrong place at the wrong time can be a game changer. In the case of the above, finding someone’s email address in the database separate from any other context can utterly destroy trust. And this doesn’t have to be a spouse or a family member: it can be a congregant, constituent, employee, employer, customer, client, prospect, competitor, adversary or worse – a true enemy. Many have said that their accounts were created for research (I didn’t even put that in quotes), and many probably were and even have official documentation backing up that claim, but when data is released without context, the victims don’t have any control over how the data is viewed or used.
  2. Most agree that Avid Life Media’s IT team had more that adequate protections and data encryption in place, but like every other business, they were fighting a losing battle. As I’ve said repeatedly (as has most of the industry), the current battle against digital intrusion is a war of attrition, and the attackers have the upperhand. They only have to succeed once to win, but we, in defending our organizations, cannot stumble even once. In case you are having trouble envisioning why this is, imagine a game of soccer where you are the goalie and the hacker is the other team. It’s just you versus the entire team, and there are multiple balls in play. They only have to score once to win. You, on the other hand, can only hope to get one of the opposing team out on penalty to slow them down, but guess what? They have a rather deep bench. And there are no time outs.
  3. Do your employees or vendors have access to data or systems to which they shouldn’t? Some believe the hack was an inside job. Keep in mind that you have to trust someone at some point to manage your security. Though it may be difficult or even painful to examine your operations for disgruntled employees or customers, unethical or inhumane practices reap as they sow, as Avid Life Media is perhaps experiencing first hand.
  4. Things done on the internet can never be erased. Even if you pay someone to do so, and they make an honest attempt at it, the internet never forgets. Want to keep something secret? Keep it as far away from the internet as possible. Can’t (or won’t) do that? Count on it not being secret and at least you’ll be prepared for when it does become public. Also, there are very few levels of obscurity on the internet, in most cases, things are merely forgotten or overlooked, but they never truly disappear from view.
  5. Privacy and security are hard won, and increasingly so as time progresses. Expect the costs of maintaining these things to continue to rise.

With all the recent, high profile hacks it’s hard to not be a “Debbie Downer” when it comes to the current state of security and privacy – but don’t fool yourself into thinking that things aren’t as bad as they might seem. Taking a realistic view on internet privacy and security is important in achieving a balanced perspective when making decisions on what to spend (both in dollars and energy) on defending yourself and your business. It’s not the end of the world. Not nearly. But it’s rough out there, and likely to get worse before it gets better. Be prepared, be realistic: plan for the worst and hope for the best.

 

ashley madisondata breachhackprivacysecuritytrust

Who hacks the hackers?

  • 0
admin
Wednesday, 08 July 2015 / Published in Woo on Tech
Who's hacking who?

Today’s headline alludes to a concept perhaps as old as civilization itself. Plato expressed it as, “Quis custodiet ipsos custodes?” Who will watch the watchers? In a spectacular demonstration of what a well-executed hack can do, an unknown hacker has virtually imploded the operations of a digital surveillance company known (ironically now) as Hacking Team. Despite the rather colorful name, this Italian security company has contracts with dozens of government agencies from all over the world, including the United States. Their product? Essentially spyware for conducting remote surveillance and other covert digital operations. The unknown hacker taunted the company and its employees by taking over Hacking Team’s Twitter account and began sharing extremely sensitive internal files through tweets purportedly coming from the company itself. Once the breach was discovered, Hacking Team contacted its clients and strongly recommended they cease using any of the company’s software. Given the general public distaste for Hacking Team’s type of software and the amount of daylight this shines on its customers, its highly likely that very few contracts will be renewed, leaving the company’s future in very uncertain terms.

What this means for you:

Unless you happened to be on the list of Hacking Team customers, there’s not a lot you need to worry from your own organization’s perspective. However, as a citizen of a supposedly democratic nation, you should be concerned about how our government agencies conduct themselves. Should law enforcement agencies be allowed to break the law in order to do their jobs? Who will watch the watchers? Are those people (I’m talking about Congress now) qualified to make proper decisions when they barely understand how the Internet works? To translate this into more relatable (and actionable) terms, do you understand enough about your own organization’s security and technology to make informed decisions on what to buy, what to use, and who to hire? In the case of Hacking Team, it appears that the hacker breached the company through the personal computers of its own system administrators, an irony within an irony. Are you adhering to the security standards to which you hold your own employees accountable?

governmenthackersHackinghacking teamprivacysecurityspywaresurveillanceTwitter

Anthem hacked – 80 million customers exposed

  • 0
admin
Wednesday, 11 February 2015 / Published in Woo on Tech
Anthem Hacked

If you didn’t hear it on the news, you probably got an email from Anthem letting you know that your personal information has been exposed in a massive data breach that impacts over 80 million people served by the medical insurer. According to Anthem’s own website established to address this breach, no medical records or credit card information was stolen (that they know of) which is a faint blessing in the face of what was stolen: names, addresses, birthdates, social security numbers, phone numbers, email addresses and employment history. In other words, everything a thief needs to steal your identity.

What this means for you:

As before with other large data breaches, there’s not a darn thing you could have done to protect yourself from the attack. If you just happened to not be a current or former Anthem-covered individual, it’s likely your information was stolen previously in any of the numerous other breaches from last year. Anthem will be offering free credit monitoring to all affected individuals, something that is going to sting their deep pockets signicantly, but will do little good in the long term. Why? Well, unlike credit card numbers, addresses or phone numbers, 80 million people aren’t going to change their names, dates of birth or social security numbers. Identity thefts can outwait the one year of monitoring (still unconfirmed, one year is my guess) that Anthem will provide. You can bet a large number of people won’t continue that service on their own dime, but you might want to consider factoring this type of fee permanently into your annual budgets. Or at least until someone can figure out how to secure our identities and credit better.

From a business standpoint, Anthem’s plight illustrates an important lesson. Though current legislation recommends this sort of data be encrypted, it is not a requirement. Shouldn’t Anthem have taken the extra step to protect your data? Does the government need to mandate common sense and best practice? Will Anthem’s current nightmare convince you to enforce more strict security practices in your own work and personal life? I don’t think you need me to tell you that if you want a prosperous and sustainable business protecting your sensitive data is no longer a recommendation, it’s a requirement.

anthembreachidentity theftprivacysecuritysensitive personal information

Office365 Subscribers get unlimited cloud storage

  • 0
admin
Monday, 27 October 2014 / Published in Woo on Tech
Office365 Logo

In the ever-escalating cloud services arms race, Microsoft just trotted out a whopper of a one-up over just about everyone in competition: Microsoft’s OneDrive VP just announced on the OneDrive blog that all Personal, Home and Education Office365 subscribers will have access to unlimited cloud storage for no additional cost. Lest you feel left out in the cold, business subscribers, Microsoft has plans to extend your storage in a similar fashion in 2015. All a part of its master plan, Microsoft envisions a future where everything is done in the cloud, and they want to make sure you are firmly rooted in their ecosystem.

What this means for you:

Before you rush off to move all your files to the cloud as Microsoft suggests, you should consider the implications. Cloud storage of any type is a double-edged sword: on the one hand, once you get your data uploaded, you can (supposedly) stop worrying about mechanical failures, such as hard drive crashes and sending your USB thumb drives through the wash. Another great benefit is your data is essentially accessible from anywhere on the internet. Setting up technology to provide this type of of service is not trivial. Even when you are as big as JP Morgan, it’s still possible to misconfigure your servers, so having a provider who is (probably) an expert at this is better than trying to do it yourself, especially if your company can’t afford a full-time IT professional.

On the other hand, your data is now stored on hardware (and a service) over which you have very little control, and which requires an internet connection. There is also the possibility that your data could be accessed without authorization, either by hackers who manage to penetrate the services security, or by the provider itself, who may be subject to government subpeona, or even by a provider employee with malicious intent.

Given the two sides of this very sharp sword, one must make a reasoned decision about whether to employ cloud storage as part of your technology profile. The most important factor will be the type of data you are planning to store: if any of the alphabet-soup laws apply (HIPPA for example), you may be severely limited in what you can legally store on a cloud-based service. Even if the laws don’t seem to directly apply, consider the consequences if any of your data were to be exposed on the internet for anyone to see: would it be damaging to your business or your clients? If so, you may want to rethink whether the cloud is ready for you.

clouddatahippamicrosoftoffice365onedriveprivacysecurityunlimited storage

Chinese iPhone users being hacked

  • 0
admin
Tuesday, 21 October 2014 / Published in Woo on Tech
eyePhone

According to security and censorship watchdog Great Fire, the latest iPhone just made its debut in China, and already new owners are being hacked by what appears to be a state-sponsored “man in the middle” attack. Though there have been many other allegedly government-backed attacks on US-based companies, presumably for commercial or political gain, this appears to be aimed at gaining iCloud identities of its own citizens, and its hard to not draw a dotted line to the recent Hong Kong protests, images and news of which were widely disseminated by mobile devices like the iPhone.

What this means for you:

Unless you are a Chinese citizen that has somehow managed to find your way to this modest blog, this particular event won’t have much impact on you. The hack is actually being perpetrated by China’s “Great Firewall” and only affects a specific, Chinese-only browser called 360 Secure Browser made by a company called Qihoo. Use of this browser is apparently mandatory for all education institutions in China. Seeing as other browsers not under the control of the Chinese government like Firefox and Chrome appear to be unaffected by the hack, it’s hard not to jump to some obvious conclusions. While the more conspiratorial among you may whisper that the American government is only a few steps behind the Chinese in this egregious breach of privacy, it’s important to note that unlike China, US-provided internet is not gated by a single, government-controlled firewall like China’s Great Firewall, nor our are students and teachers mandated to run a (allegedly) state-backed browser. However, this does not mean you should be less vigilant in protecting your security and privacy, as its quite apparent that US agencies like the NSA have no problems snooping on its citizens anyways.

360 secure browserAppleChinahackiPhoneman in the middleprivacyqihoosecurity

Data breach of hospital network exposes 4.5M patients

  • 0
admin
Tuesday, 19 August 2014 / Published in Woo on Tech
CHS Hacked

Four and a half million patients treated within the hospital network Community Health Systems now have something else to worry about aside from having to see a physician: identity theft. The 28-state network revealed today that its servers had been breached by Chinese hackers who gained access to CHS patients’ names, birthdates, social security numbers, phone numbers and addresses, every bit of data a criminal would need to perpetrate a robust identity takeover. The hackers did not gain access to credit cards or clinical records, which may only serve as a small consolation to this egregious breach of privacy.

What this means for you:

CHS operates primarily in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas, so if you’ve received medical treatment in one of those states any time since records became computerized, you might be affected by this data breach. As opposed to the widely publicized (but not yet independently verified) Russian hacker haul of 1.2 billion passwords, changing a few passwords isn’t going to help you if you are one of the 4.5 million affected by the CHS data leak. Supposedly, CHS is planning to offer some form of Identity Theft monitoring, which, depending on the level of patience and fortitude you have, may be worth accepting. The alternative – manually monitoring your credit for bogus accounts being opened – can be time-consuming and tedious.

Even if you aren’t impacted by the above – are you keeping a close eye on your credit history? Keep in mind that Credit Monitoring services only do just that – monitor. They can’t prevent criminals from attempting to hijack your credit via bogus credit and loan applications. They will warn you about the attempts, and at best, provide some assistance in working with the 4 credit agencies to rectify the damage. And even unsuccessful attempts ding your credit history, adding injury to insult in this case.

breachcredit historyhackedmonitoringpatient dataprivacy

Internet-enabled appliances weak on security

  • 0
admin
Tuesday, 05 August 2014 / Published in Woo on Tech
Risks vs. Rewards

When it first occurred, connecting things to the internet seemed more like a gimmick than anything practical. Remember that fridge that was supposed to know when you need to buy more milk and would email you a reminder? Even though that particular concept still hasn’t really caught on (though it should!) plenty of other things in our houses and workplaces are connected to the web, to the point where we don’t even consider it gimmicky anymore. Cars that can be started via an iPhone app? Sure! Security cameras that text you when they detect motion? Why not? How about thermostats and lighting that can be adjusted via wifi? Done! Except for a “little” problem: this growing “internet of things” is just as bad (if not worse) at security as the rest of the internet. A security study by technology giant HP took a look at the 10 most popular internet-enabled devices and discovered each device had at least 25 security vulnerabilities that could lead to terrible things.

What this means for you:

Most of my clients have a healthy respect (if not fear) of the internet and its tireless ability to invade your privacy, and typically make more informed choices than the general public, but as more and more devices come “connected” right out of the box, it’s easy to fall into the convenience trap of plugging the thing in and moving on to the next item on the to-do list. What this will eventually mean is people are surrounding themselves with devices that, taken as a whole, can provide an incredible amount of detail about their supposed “private” life. And those devices are all connected to the internet. Unless manufacturers starting upping their security standards (or the market forces them to), we may all find ourselves living a rather exposed existence. So the next time you are considering a device that is “internet” enabled, consider whether or not you are ready (and willing) to understand exactly how that device secures itself from hacking, and whether its worth the convenience.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

HackingHPinternet of thingsprivacysecurityweb
  • 2
  • 3
  • 4
  • 5
  • 6

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP