Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Add Hacked Femtocells to the List of Security Risks

  • 0
admin
Tuesday, 16 July 2013 / Published in Woo on Tech
Smartphone Security

Depending on where you live or work, you’ve probably experienced problems with cellphone coverage for one or more carriers, usually due to your geographical (lack of) proximity to a cell tower, or courtesy of construction materials like concrete, lead and steel in between you and your signal. Thanks to the advent of widely available broadband, cellular providers have been able to build small devices called femtocells that can be connected to your internet connection and will significantly improve cellular signal for a specific carrier in a limited range.

While seen as a godsend for the cell-strength deficient, we also now have to regard them as a security risk, thanks to research performed by analysts at iSEC Partners who have allegedly hacked a Verizon network extender to allow them to eavesdrop on any phone call, text message or other information transmitted from the phone through the compromised femtocell. The researchers plan to publicize their findings at the upcoming Black Hat Conference in August, but have declined to share details for obvious security reasons.

What this means for you:

Unfortunately, you can’t tell your cellphone what radio signal source to use. It’s designed to look for the strongest signal and use it. The iSEC researchers claim it would be trivial to build a portable and unobtrusive hacked network extender and place it in a strategic location to capture confidential calls. If you are in the business of confidential information, you probably already know not to take sensitive calls where ever you might be overheard, and if you are a well-informed adult, you probably already know that the NSA could eavesdrop on your conversation regardless of what cell tower was handling your call. But now we are talking about a commercially available device that is cheap, portable, and apparently, hackable. As before, consider carefully the medium you choose for the delivery of your sensitive information, and when in doubt, err on the side of caution rather than convenience.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

cellularfemtocellhacknetwork extenderprivacysecuritysmartphoneverizon

Facebook Graph Search Has Arrived

  • 0
admin
Tuesday, 09 July 2013 / Published in Woo on Tech
Facebook Logo

Back in January of this year, I wrote about Facebook’s impending Graph Search feature (“Facebook Graph Search Cutting Bait for Phishers“) which was set to greatly improve its existing feeble search engine as well as outrage privacy watchdogs. Based upon the feedback the developers received from the small test group to which it was originally released, Facebook went back to the drawing board, and have now decided that Graph Search is ready for its debut.

Unlike the search engine we all know and use, Facebook’s new search engine will rely heavily on the various layers of data that it has accumulated on it’s millions of users, allowing you to perform searches that list “friends who like trucks and football” or “single women in Los Angeles who like Ethiopian food”. Obviously, the results are heavily dependent upon how much information everyone shares about themselves on Facebook, but Facebook is confident that the results will be eye opening.

What this means for you:

If you haven’t heard me mention it before, there’s no better time than the present to log into your Facebook account and check your privacy settings, even if you don’t use it often, or you haven’t updated your profile since you created the account oh so many years ago. If you haven’t logged into Facebook in the past year, they have made a lot of changes to settings and security that will probably bewilder the savviest of users. I linked a guide written by the EFF on Facebook’s privacy settings here: “Tighten Up Your Facebook Security”, and Facebook is also taking a more proactive approach by warning you when you log in that Graph Search is coming and provides you a link to your privacy settings.

facebookgraph searchprivacysecuritysettings

Facebook Has Another Facepalm Security Incident

  • 0
admin
Wednesday, 03 July 2013 / Published in Woo on Tech
Facebook logo

Remember last week when I reported on a “small” privacy blunder committed by Facebook and their data portability app? Security software maker Symantec announced over the weekend that they noticed Facebook’s Android app behaving inappropriately, to the tune of uploading the phone number of the device to Facebook’s servers the first time the app is installed and launched, prior to any logins or other interaction by the phone owner. According to Facebook, they never used this information, and have since deleted it from their databases. Seeing as the Android Facebook app has been downloaded by several hundred million people, up until this “bug” was discovered and remedied, several hundred million people had their phone numbers harvested by Facebook without their explicit permission.

What this means for you:

Maintaining control over the privacy of your personal data requires constant vigilance on your part, and trustworthiness on the part of those who are requesting the use of your data. In this specific instance, a list of several hundred million mobile numbers isn’t very useful without any other meta data, but it highlights the larger issue at hand: can Facebook be trusted to be good stewards of your personal data? Should they have ever been trusted to the extent that most people have up until now? Recent events should put a great deal of caution into even the most open social networker, and should serve as a red-flag warning to everyone. Organizations are only as good as the people who run them. Apps are only as good as the people who program them. If your privacy is important to you, pay close attention to how others respect that privacy. Don’t reward bad or careless behavior with your dollars or loyalty, and don’t let inertia alone keep you from making informed choices.

FYI: “Facepalm”: http://en.wikipedia.org/wiki/Facepalm

Androidfacebookleaknorton mobileprivacysymantec

New Child Privacy Rules in Effect Today

  • 0
admin
Tuesday, 02 July 2013 / Published in Woo on Tech
Privacy sign

After four years of research and debate, the Federal Trade Commission has updated the Children’s Online Privacy Prevention Act with much stricter rules that hit internet advertisers right in the moneymaker. Written originally in 1998, COPPA was enacted to protect minors under the age of 13 by requiring any company collecting data on that demographic to adhere to strict privacy protection guidelines as well as putting well defined limits on advertising and marketing targeting minors. Since 2000, when it first went into effect, the internet and online advertising has changed significantly, and the FTC has amended COPPA, over the strenous objections from the industries affected.

What this means for you:

Whether you are a parent or an organization who markets to this particular demographic, you should take a moment to understand how COPPA may impact you. The new rules have been expanded in the following ways:

  • The guidelines now include a wide range of digital media and devices, including smartphones, tablets, mobile gaming devices and mobile apps.
  • The definition of “Personal Information” (previously only protected was the child’s name, address and email) has been expanded to cover a larger variety of data types including: geolocation, photos, videos, recordings, screen names and cookies. Just about anything that could be used to identify or track a child has been included.
  • Any organization or platform must ask permission from a parent or guardian before collecting the information, and must include links to an official privacy policy governing the use of that data.
  • In the case of any organization collecting information without consent, parents and guardians have a right to receive a full description of what was collected on their child and also the right to have that info be deleted immediately.
  • Targeted advertising that is based on a minor’s online data profile are no longer permitted without parental/guardian consent.

The trick, of course, is paying attention to what your child is doing online, and especially to what they are seeing onscreen. Advertisers are extremely clever, and this segment of the market is extremely valuable to them. The howls of protest will soon subside as they devise even more subtle ways to get parents to open up their wallets. Caveat Emptor!

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

advertiserschildrencoppaftcmarketingminorsparentsprivacytargeted

Facebook App Bug Exposes Questionable Data Practices

  • 0
admin
Monday, 24 June 2013 / Published in Woo on Tech
facebook-logo.png

Facebook offers its users the ability to upload your email contact list, presumably so you can discover which of your friends are on Facebook (that you haven’t already befriended). Once you’ve done this, you also have the ability to download those contacts via an archiving tool called DYI (Download Your Information), that delivers this information via a simple HTML file. Unfortunately, an unintended “bug” in DYI exposed a rather distasteful (though expected) Facebook practice called data correlation. Here’s what happened:

Say you uploaded a contact “[email protected]” to Facebook, but that’s all the data you had on Mr. Smith: just his email address. Another Facebook user also knows Mr. Smith, but also happened to have his phone number and mailing address as well. Facebook’s data correlation practices stores all data on John Smith, regardless of who uploaded it, in a single record, creating a comprehensive data profile on Mr. Smith. See where this is going? Before they fixed this bug, when you went to download your contact info via DYI, not only would you get the email address you knew about, you’d also get any other contact information uploaded by other users, even if you didn’t know the other person who uploaded the contact info about John Smith! 

According to Facebook, this data correlation is done to make “Friend” recommendations to you based upon everything it knows about an individual, across its entire store of information.

What this means for you:

It’s not clear whether Facebook intends to notify any of the six million individuals who are affected by this bug, and supposedly this has been fixed so that Facebook users only have access to the data they uploaded minus the data correlation ties Facebook makes in its internal database. According to Facebook, this security bug wasn’t exploited intentionally or maliciously, and it wasn’t possible for anyone using the tool to access information about users they didn’t already have some form of contact info on already.

This does highlight a larger privacy issue that probably won’t be resolved anytime soon, but has been ongoing for Facebook ever since it first appeared. Your friends have access to your PII (Personally Identifiable Information) and regardless of your own personal wishes, you have no ability to control whether or not they share that information, on Facebook or any other social networking site. As is always the case, if you are concerned with the visibility of your personal information on the internet, do regular searches on your name via Google to see what comes up in public, and work back towards the source to remove that information if necessary. Unfortunately, the Internet never forgets, and there is no “100% guaranteed erase” button, so its sometimes impossible to completely remove that data from public view.

bugdata correlationdyifacebookpersonally identifiable informationpiiprivacysecurity

NSA Whistleblower: Endpoint Security is the Weakest Link

  • 0
admin
Tuesday, 18 June 2013 / Published in Woo on Tech
ID-10067190.jpg

In a public event hosted by the Reddit.com, infamous NSA whisteblower Edward Snowden answered questions posted by Reddit users on a variety of topics. Of particular note was his response to a question about whether encrypting emails would be an effective way to keep the NSA (or anyone else, for that matter) out of your business. Snowden’s response was both heartening and depressing at the same time:

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

What this means for you:

Imagine you want to send a package that contains some very valuable items to a friend on the other side of the world. You carefully wrap the items and then lock them in a briefcase, which is in turn handcuffed to an armored guard, who is then transported via armored truck to your friend’s house. He makes sure that the package is put into your friend’s hands and verifies that your friend is indeed who he says he is, and he even calls you to let you know that the package has been delivered safely. This is analogous to using email encryption to send an email to a friend.

Unfortunately, your friend’s house has a broken lock on the front door, and he carelessly leaves the valuable items in plain view of a window that is also unlocked. That’s analogous to the weak endpoint security Snowden at the end of his response.

In other words, it doesn’t matter how much security you engage on your end if your recipients don’t engage in the same level of security. To use another real-world analogy: cyber attacks are like water – they will flow into every nook and cranny, looking for a way in. It doesn’t matter if 99% of the surface it is covering is impenetrable. That last 1% provides the hairline crack needed to seep in and destroy everything from the inside.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

emailencryptionendpointHackingnsaprivacysecuritysnowdenwhistleblower

No Facial Recognition in Google Glass…for Now

  • 0
admin
Tuesday, 04 June 2013 / Published in Woo on Tech
Google Glass Logo

Proving that sometimes our Congress people come by their paychecks honestly, a bi-partisan privacy caucus led by Joe Barton (Rep. TX) sent a list of questions to Google’s CEO Larry Page, asking him point blank about several privacy issues, including whether or not Google would allow the use of facial recognition technology on the device.

Supposedly, Google has maintained from the start that facial recognition would never be implemented without “strong privacy protections in place.” In a Google+ post Friday, they reiterated this position and stated that Google “…won’t be approving any facial recognition Glassware at this time.”

What this means for you:

By default, Android OS-based devices can only install software via Google’s Play store. Software distributed via Play must go through Google’s approval process, much like apps on Apple’s iTunes store, so you can assume that Google will be true to their word and prevent distribution of facial recognition apps simply by not approving them. However, unlike iPhones, many versions of Android allow “sideloading” of apps with a simple settings change. Sideloading in the Android ecosystem is well established – Amazon.com has an app store that requires sideloading to be enabled, and instructions for enabling this capability are easily found on their website and many, many others.

Bottom line: this is yet another Pandora’s box that won’t be closed. Facial recognition is a reality, and portable, undetectable devices capable of performing this function are only a step away from today’s consumer technology. Technology (and scientific progress in general) advances despite legal or cultural ramifications. One could argue that society only advances in light of controversial technologies like Google Glass. We are only beginning to glimpse the potential of an always connected and much less private world. Google Glass is only one step in a long, uphill climb.

amazonAndroidApplecongressfacial recognitionglassGoogleiPhoneitunesplay storeprivacysecurity

Google Glass coming whether you like it or not

  • 0
admin
Wednesday, 08 May 2013 / Published in Woo on Tech
Google Glass Logo

If you’ve spent any time on the internet lately, you likely know that Google’s latest innovation, “Glass” is already in the hands of the media and developers, and will soon be available to the general public. While the concept of wearable computers is not new – the earliest prototypes appeared over 30 years ago – Google’s sleek device has been giving privacy advocates fits since it was announced. Now that Glass is actually appearing “in the wild” as developers and media put the device through its paces, it’s getting pre-emptively banned by businesses, and in some cases, entire states are seeking to regulate its use.

As you might imagine, a device that can (relatively) unobtrusively record video and audio of anything in sight of a Glass wearer, on top of being able to access the vast data stores of Google’s indexed information, has many people understandably concerned. Cameras and recording devices are already banned in places like Las Vegas casinos, and organizations like Caesers Entertainment have extended their policies to explicitly include Google Glass in anticipation of the device’s arrival, as have numerous bars and other businesses, some merely for the publicity, but many for serious privacy concerns for their patrons and businesses.

What this means for you:

Whether or not you ever intend to use Google Glass or something similar, you’ve already been through a social revolution, and you might not have realized it. Remember when cellphones first started appearing with cameras? Remember when laptops first started shipping with webcams built into the lid? Devices that can be used to record others without their knowledge have been used in modern society for decades. Google is not the first to open this particular Pandora’s Box – the cows have long since fled the barn. Google Glass is fairly easy to spot now, but the technology will only improve (read: get smaller and harder to spot) and we will soon have wearable computers that are completely indistinguishable from a regular pair of glasses or sunglasses. We will get to a point that we will not be able to tell whether someone is digitally augmented, and societal conventions will have to adopt to the new standard, just like they have with smartphone cameras.

banculturegoogle glasslegislationpolicyprivacysmartphones

CISPA Fight Heating up on Capitol Hill

  • 0
admin
Wednesday, 17 April 2013 / Published in Woo on Tech
Data Privacy

The controversial CISPA (Cyber Intelligence Sharing and Protection Act) proposal has passed committee review and is heading to the Senate for a vote, despite a clear warning from the Obama administration that it would VETO the proposed law. Unlike the equally controversial SOPA (Stop Online Piracy Act) backed by media companies and defeated through vigorous and coordinated protests from the technology industry, CISPA has divided the technology industry. Many large companies like IBM, AT&T, Oracle and Verizon backing it, while other, equally sizeable companies like Facebook, Microsoft, Google and dozens of activist organizations oppose the bill on the grounds that it doesn’t do enough to protect the privacy of US citizens.

What this means for you:

In case you are confused as to how CISPA might impact you or your business personally, here’s a summation of what the bill proposes: This law would allow telecommunication companies to share data with governmental agencies for the purposes of combatting terrorist or criminal activity, overriding any local laws that would prohibit such sharing. According to supporters, law-abiding citizens should have nothing to worry about, but opponents contend that on top of very weak protections for citizen privacy, there is nothing in the bill that would protect citizens from potential abuse by the various intelligence agencies who could amass an inconceivably comprehensive database from the information gained by CISPA. Regardless of which side of the privacy fight you stand on, it behooves you as a US citizen to be aware of where you stand on this issue, as well as encouraging everyone around you to participate as they can in helping our government come to terms with this problem.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

attCISPAcongressfacebookGoogleibmlegislationmicrosoftoraclepoliticsprivacySOPAverizon

Law Enforcement wants SMS texts retained

  • 0
admin
Tuesday, 19 March 2013 / Published in Woo on Tech
I want your texts!

Technology lobbyists have been pushing for reform of the 1986 Electronic Communications Privacy Act for years, primarily to address the multitude of shortcomings, loopholes that couldn’t have been predicted almost 30 years ago. Law enforcement has also jumped onto the bandwagon, having recently submitted a rider proposal that would be attached to any changes proposed to the ECPA. Their objective? To get cellular providers to retain all the text messages passing through their network, primarily for the purposes of investigating criminal activity. Currently, most providers say they do not retain the actual text messages centrally, and smartphones by default are not designed to retain text messages long term, but each provider appears to have different policies governing exactly how much data is retained, and how long. This inconsistency troubles some lawmakers, and enforcement has long held that criminals purposefully use SMS as an “untraceable, untrackable” communication method.

What this means for you:

A proposal is a long way from actual law, but many privacy advocates and watchdog groups say a rider proposal like this could hamper much needed changes to the decades-old ECPA by weighing down progressive proposals with Big Brother agendas that most technology companies find distasteful, if not diametrically opposed to in their publicy stated values – think Google’s “Do no evil” policy. The fight for privacy continues to carry into new areas everyday, but the SMS fight could be a huge battle: six billion text messages are sent everyday. Privacy issues aside, imagine having to figure out how to store this information in a way that is useful, let alone subpoenable!

Electronic Communications Privacy Actlaw enforcementlegislationprivacysmartphonessmstexting
  • 4
  • 5
  • 6
  • 7

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP