Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Trojans targeting Password Managers

  • 0
admin
Monday, 24 November 2014 / Published in Woo on Tech
Password Managers targeted

If you’ve been following my advice on securing your technology, one of the steps you’ve taken was to use unique, strong passwords for all your critical online accounts. If you have more than 2-3, you might also be using software known as a “password manager” which allows you to store your complex, hard-to-remember passwords in one place, secured by a master password. Examples of these include Lastpass, 1Password, Roboform, and Passpack (the one I use). Security analysts at IBM Trusteer have now identified a new form of malware that specifically targets password managers, turning on a keylogger when it detects the program being launched, with the intent of capturing your master password, and thereby gaining access to everything stored within.

What this means for you:

Though this particular malware isn’t widespread yet, it has the potential to cause devastating harm to compromised individuals, if only because it gives the hacker focused and confirmed access to every account stored in that particular password manager. As is always the case, security is only as strong as the weakest link, and 9 out of 10 times we humans are the weakest link. This form of attack requires a particular type of keylogger and trojan infection, so don’t discontinue use of your password manager unless you have reason to suspect you’ve been compromised. While there are no guarantees, you are much less likely to fall victim to a trojan attack like this if you have legitimate, updated anti-malware running on all your internet-connected devices and keep your operating system updated. Constant vigilance is also required: don’t open strange email attachments, carefully read/avoid pop-ups, and always have an experienced IT professional on speed dial. 

Note: if you are still running Microsoft XP in your environment, you are putting your whole organization at risk. I’ve been seeing an increasing number of malware infections on older operating systems as antimalware manufacturers end support for their software. In most cases, these machines are running in forgotten corners of your workplace, but may monitor or control critical components of your infrastructure. The cost to recover a compromised XP machine and remediating the damage it caused typically outstrips the cost to replace it. Don’t put it off until it’s too late.

Image courtesy of Salvatore Vuono at FreeDigitalPhotos.net

hackermalwarepasswordsecurity

Five simple ways to improve your security

  • 0
admin
Wednesday, 05 November 2014 / Published in Woo on Tech
defense-graphic-300.jpg

If you’ve never really put much thought into computer security, but recent media coverage has convinced you it’s time to start taking it seriously, it’s easy to feel a bit overwhelmed. Where do you start? Everyone’s being hacked – even the really big companies with entire teams of IT professionals! How can I, “average computer user” even hope to keep my stuff safe? First off, in the immortal words of Douglas Adams: “Don’t Panic.” There are a handful of straight-forward, easy to execute measures you can take that will improve your overall security profile. Consider these your first steps to developing a more secure technology future for yourself and your business. While these are definitely not going to make you hack-proof, it will make you a much harder target, and most hackers will move on to easier prey.

  1. Use strong, unique passwords where it matters. Keeping your critical passwords different will greatly lessen the impact when an account or an account provider gets hacked. This includes any accounts that handle your finances, but also things like your Facebook or other social media accounts, and definitely protect your email with a good, solid password.
  2. Change your home router password. This will make your home network less susceptible to hacking. I’d like to think more and more folks will learn how to do this (if only once or twice a year), but I realize it’s not always a walk in the park. Call your ISP – they can usually walk you through it via the phone, or if you’d prefer a more personal approach, call your local computer consultant. You’ve got C2 on speed dial, right?
  3. Make sure your antivirus software is running and up to date. Know what it is called, and understand how it appears on your computer, including warnings and detections. If you don’t have the time or inclination to manage this aspect of computing, there are plenty of companies (like C2!) that offer something called “Managed Support” that includes monitoring your antivirus software for you. This usually also includes making sure your Operating System stays up to date as well.
  4. Stay away from strange email attachments and unfamiliar websites. Most viruses are delivered via these two methods. If you receive an attachment you weren’t expecting, don’t open it, even if it looks legitimate. Call the sender and confirm they sent the email.
  5. Be cautious when installing software or driver “updates” especially when notified via browser pop-ups. These are frequently not legitimate and will lead your computer down a dark path of malware infestation. Be particularly suspicious if the “updates” suddenly appear when visiting a new website, or opening an attachment. That’s your signal to cancel any pop-ups and call for professional technology assistance!

These practices will improve your security stance, but there are still a myriad of other things that you could do to strengthen your defenses. To take it to the next level, you should consider the following questions:

  • Do you (or your company) handle other people’s sensitive information?
  • Do you work in (or for) a regulated industry? A publicly traded company? (Health, finance, government, etc.)
  • Do you have intellectual property that is stored and/or transmitted digitally?
  • How much inconvenience and expense are you willing to incur to reduce your risk?
  • How much of your livelihood would be jeopardized if your computer was hacked?

Answering these tough questions usually requires assistance from an experienced IT professional, even on a individual basis. That being said, achieving any measure of improved security begins with everyone taking some measure of personal responsibility for security, and they can start that process by following the five simple practices outlined above.

computersrisksecurity

Office365 Subscribers get unlimited cloud storage

  • 0
admin
Monday, 27 October 2014 / Published in Woo on Tech
Office365 Logo

In the ever-escalating cloud services arms race, Microsoft just trotted out a whopper of a one-up over just about everyone in competition: Microsoft’s OneDrive VP just announced on the OneDrive blog that all Personal, Home and Education Office365 subscribers will have access to unlimited cloud storage for no additional cost. Lest you feel left out in the cold, business subscribers, Microsoft has plans to extend your storage in a similar fashion in 2015. All a part of its master plan, Microsoft envisions a future where everything is done in the cloud, and they want to make sure you are firmly rooted in their ecosystem.

What this means for you:

Before you rush off to move all your files to the cloud as Microsoft suggests, you should consider the implications. Cloud storage of any type is a double-edged sword: on the one hand, once you get your data uploaded, you can (supposedly) stop worrying about mechanical failures, such as hard drive crashes and sending your USB thumb drives through the wash. Another great benefit is your data is essentially accessible from anywhere on the internet. Setting up technology to provide this type of of service is not trivial. Even when you are as big as JP Morgan, it’s still possible to misconfigure your servers, so having a provider who is (probably) an expert at this is better than trying to do it yourself, especially if your company can’t afford a full-time IT professional.

On the other hand, your data is now stored on hardware (and a service) over which you have very little control, and which requires an internet connection. There is also the possibility that your data could be accessed without authorization, either by hackers who manage to penetrate the services security, or by the provider itself, who may be subject to government subpeona, or even by a provider employee with malicious intent.

Given the two sides of this very sharp sword, one must make a reasoned decision about whether to employ cloud storage as part of your technology profile. The most important factor will be the type of data you are planning to store: if any of the alphabet-soup laws apply (HIPPA for example), you may be severely limited in what you can legally store on a cloud-based service. Even if the laws don’t seem to directly apply, consider the consequences if any of your data were to be exposed on the internet for anyone to see: would it be damaging to your business or your clients? If so, you may want to rethink whether the cloud is ready for you.

clouddatahippamicrosoftoffice365onedriveprivacysecurityunlimited storage

Chinese iPhone users being hacked

  • 0
admin
Tuesday, 21 October 2014 / Published in Woo on Tech
eyePhone

According to security and censorship watchdog Great Fire, the latest iPhone just made its debut in China, and already new owners are being hacked by what appears to be a state-sponsored “man in the middle” attack. Though there have been many other allegedly government-backed attacks on US-based companies, presumably for commercial or political gain, this appears to be aimed at gaining iCloud identities of its own citizens, and its hard to not draw a dotted line to the recent Hong Kong protests, images and news of which were widely disseminated by mobile devices like the iPhone.

What this means for you:

Unless you are a Chinese citizen that has somehow managed to find your way to this modest blog, this particular event won’t have much impact on you. The hack is actually being perpetrated by China’s “Great Firewall” and only affects a specific, Chinese-only browser called 360 Secure Browser made by a company called Qihoo. Use of this browser is apparently mandatory for all education institutions in China. Seeing as other browsers not under the control of the Chinese government like Firefox and Chrome appear to be unaffected by the hack, it’s hard not to jump to some obvious conclusions. While the more conspiratorial among you may whisper that the American government is only a few steps behind the Chinese in this egregious breach of privacy, it’s important to note that unlike China, US-provided internet is not gated by a single, government-controlled firewall like China’s Great Firewall, nor our are students and teachers mandated to run a (allegedly) state-backed browser. However, this does not mean you should be less vigilant in protecting your security and privacy, as its quite apparent that US agencies like the NSA have no problems snooping on its citizens anyways.

360 secure browserAppleChinahackiPhoneman in the middleprivacyqihoosecurity

Poorly configured website exposes customer data

  • 0
admin
Wednesday, 08 October 2014 / Published in Woo on Tech
MBIA

First the country’s largest bank has a huge data breach, and now the nation’s largest bond insurer admits that it inadvertently exposed sensitive customer information through its website. As an example of the old maxim, “Man has no greater enemy than himself,” MBIA, Inc. allowed unfettered access to a subset of very sensitive customer information (think: customer names, account and routing numbers, balances and dividend amounts) via a poorly configured webserver that opened up this data to the general internet. Access was so unrestricted as to allow search engines to index up to 230 pages of information that also included administrative login credentials that could lead to much more significant security breaches throughout the MBIA infrastructure.

What this means for you:

Today’s technology is a resounding testament to how innovative humans are, but equally apt to demonstrate just how fallible we can be. In the digital world, a simple mistake can lead to millions being compromised in life-affecting ways. Most of you aren’t responsible for millions of customers or their data, but imagine if you had to contact your hundreds or thousands of customers with the bad news that “due to a configuration error” their data was leaked to the internet, and probably in the hands of cybercriminals. Whether it is thousands or millions, it would still be a nightmare, especially if your business isn’t big enough to be able to count on the data breach fatigue that has allowed Target, Home Depot and JP Morgan to sail past titanic failures in security. In the end, your security boils down to one thing: humans, not machines. Knowing this, you should always hope for the best (we will get better at this) and plan for the worst: we’re going to make a lot of mistakes along the way!

data breacherrorleakmbiasecuritysensitive personal informationweb server

Public shrugging off data breaches?

  • 0
admin
Tuesday, 07 October 2014 / Published in Woo on Tech
Time for caution

America’s biggest bank JP Morgan Chase announced last week that it was the latest victim of a major security breach. According to their regulatory filing, data from nearly 80 million customers was exposed in a successful hacking attempt earlier this year. Though the bank was quick to emphasize that our money and most sensitive bits of info such as dates of birth, social security, passwords and IDs weren’t stolen, names, addresses, emails and phone numbers were – all which could be used to facilitate an identity theft, but which aren’t considered protected or sensitive in most cases. While it’s troubling that the country’s number one bank got hacked, what’s even more worrying is that the media, the public, and even Wall Street seemed to shrug it off and carry on.

What this means for you:

Americans seem to be developing what some analysts are dubbing data breach fatigue: everytime we look up, yet another high-profile company or livelihood staple has been hacked. The list reads like a modern family’s honey-do list: Target, Home Depot, Neiman Marcus, EBay, UPS, Apple, Nintendo, Sony, Albertsons, SuperValu, CHS, etc. There have been nearly 600 data breaches reported this year, up 27% over last year, and we aren’t even done with 2014. Fortunately, only a small percentage of the total population have been negatively impacted in a signficant way, though most of us have probably had one or more credit cards get canceled and replaced for fraudulent activity. What this is leading to is the general perception that these data breaches are “bad” only in a vaguely annoying way, and there is not much that an average person can do to protect themselves, “Heck, if JP Morgan can’t figure out how to keep the hackers at bay, how can I ever stand a chance?”

While it’s true you can’t stop JP Morgan from getting hacked, you can make it harder for cybercriminals to hack you: don’t give in to the fatigue – make them fight for every bit they try to steal from you. Change your passwords regularly, and use unique passwords for your important accounts. Keep a close eye on your credit card statements and your credit history. Make sure your all computers you use have up-to-date and functioning antivirus software. Avoid email attachments and unfamiliar websites. What was once considered “paranoia-level” precautions are the new standard of online safety. Considering that nearly half of Americans adults have had some form of their personal data stolen through an online breach, it’s safe to say that “they” are out to get you – paranoia or not.

chasecreditdata breachdata theftfraudhackerHackinghome depotjp morganperson informationsafetysecuritytarget

Heartbleed bug has a “sequel” – Shellshock

  • 0
admin
Saturday, 27 September 2014 / Published in Woo on Tech
Linux targeted

While the world is trying to mop up the mess that Heartbleed left behind, along comes another vulnerability that might be just as big. Dubbed “Shellshock” because it affects the Bash shell commonly found on Linux computers, and (this may surprise you) some Mac OS X servers. “Shells” are the technical term for the user interface of a computer, something you may know as a “GUI” (sometimes pronounced “gooey”, an acronym for graphical user interface). In this case, Bash is a text-based user interface that has been in use on Unix & Linux machines since 1989. What makes Shellshock so alarming is the ease of which could be exploited by hackers, the scope of hacks which could come from exploiting the weakness, and the number of machines potentially vulnerable to this bug.

What this means for you:

Unless you run a Linux or Mac OS X Server, most folks could be affected by this the same way they were exposed with Heartbleed – anyone who uses the internet has probably visited a site or used a service that is run on Linux-based webservers, and a large percentage of them probably use Bash. Security firms have already discovered attacks “in the wild” attempting to exploit un-patched servers, and due to the pervasive access a command line interface has to the computer’s operating system, any number of system compromises can be executed once the hacker has control of the Bash shell. In other words, if an internet service you use gets “Shellshocked”, any data they may be storing about you on their servers could be exposed. For now, unless you are a server administrator, there’s not much you can do, other than inquire with your critical providers whether they have taken steps to protect against the Shellshock vulnerability.

Applebashhearbleedlinuxmac os xsecurityshellshockunixvulnerability

Android Browser bug exposes users to exploit

  • 0
admin
Wednesday, 17 September 2014 / Published in Woo on Tech
Android Logo

A flaw in an Android open source web browsing app found on nearly half the active Android user base could potentially be used by malicious websites to steal user information. Reported by white-hat hacker Rafay Baloch earlier this month, this bug affects the Android Open Source Platform browser – also known as “Android Browser” – which was the default browser on all Android phones shipped prior to Android OS 4.2, when Google switched the default browser to Chrome. Even then, parts of Android Browser were still being used by other OS applications up until version 4.4, when Google swapped those parts out for Chromium ones. A survey of web browsers used shows that nearly half of all Android users may be using Android Browser actively, which could equate to nearly 40 million potential victims.

What this means for you:

Note that “Android Browser” (with capital B) is the actual name of this program, and should not be confused with the Chrome app, which is also an “Android browser” – as in it’s an app that lets you browse the internet on your Android device. If you still have the Android Browser app installed on your 4.X Android phone, you should replace it with Chrome. However, this may only solve part of the problem, as many other apps that have some form of internet browsing built into it may be using the flawed engine embedded inside the app itself, and there is no clear way to know for sure without asking the developer.

Now that Google has officially acknowledged the bug, a fix is supposedly in the works, but hasn’t said when it will release the update, which will have to be delivered as part of an OS update (ie. going from 4.3 to 4.4) and not throught Play Store. Also, it’s not clear whether that update will trickle down to the many apps that still use the engine to power their own embedded browsers. For now, stick to using Chrome, and be wary of apps that have built-in web browsing capabilities.

AndroidbrowserchromeexploitflawGooglemobilephonesecurity

Lessons Learned from Home Depot Breach

  • 0
admin
Sunday, 14 September 2014 / Published in Woo on Tech
Home Depot Hacked

After the massive security breach Target experienced in 2013, Home Depot management had the best intentions in immediately planning for a similar attack being directed at them. Unfortunately, they were about only a quarter of the way through their plans to beef up security at their stores when the big-box DIY chain recently announced that they’ve been hacked, with potentially tens of millions of customers exposed. To add insult to injury, its beginning to look like hackers penetrated Home Depot point-of-sale systems as far back as April.

What this means for you:

By now, you probably realize that there’s not much you can do other than what you’ve already been doing: use credit cards, not debit cards, wherever possible, and always keep an eagle-eye on your purchase history. Credit card companies are already doing a pretty good job with their fraud-detection algorithms – don’t ignore those automated calls when you get them. Given the massive number of breaches happening, it’s very likely that your credit card number has been stolen (or soon will be) if you shop at most large chain-based retailers.

As a business, you can take a lesson from Home Depot’s woes: move quickly. Home Depot’s implementation was likely hampered by both logistical complexity (hardware replacement at thousands of locations scattered across a gigantic area) as well as “traditional” corporate bureaucracy. There’s not much to be done for the first part except to take it into account when combating the second part, which while understandable, will lead to disastrous consequences. Cyber criminals aren’t slowed by corporate chain-of-command – don’t let your decision making process expose you to a damaging security breach.

breachcredit cardshackhome depotpoint of saleretailersecuritytarget

Hacktivists rock Peruvian government

  • 0
admin
Wednesday, 03 September 2014 / Published in Woo on Tech
Hacked

Despite what US mainstream media might be conveying with their breathless coverage of celebrity accounts being hacked for their lewd selfies, not all hacking activity is for titillation or criminal exploitation. A duo of hackers, self-dubbed LulzSecPeru, have penetrated multiple Peruvian government websites and servers, defacing webpages and stealing confidential data as a demonstration of their hacking abilities and purportedly to shake things up politically. Among the data stolen were several thousand emails from the former Prime Minister, which revealed the presence of possible undue influence by Peruvian industry lobbies. The sudden transparency nearly forced the resignation of the entire cabinet in a Congressional vote of no confidence which only missed passing by one vote.

What this means for you:

Once again, hackers prove that if it touches the internet (and sometimes even when it doesn’t), privacy breaches are just around the corner, especially when what is hidden is likely to be highly valuable to someone. Though this particular feat was slightly less salacious than the celebrity breaches, the only rule of thumb that can be followed is this: if you don’t want your “dirty little secrets” spread all over the internet, don’t put it on an internet-facing computer, cloud server or mobile device. Information, especially confidential data, is the new currency of the world economy, and as with all currencies, most folks will go to great lengths to amass it, especially if it has the potential to undermine authority or generate wealth. Complete isolation from the internet is impossible for most businesses, but you should review very carefully what information is stored where, and the potential damage it can cause your company if it were stolen or exposed in a security breach.

breachemailgovernmentHackinglulzsecperuperusecurity
  • 11
  • 12
  • 13
  • 14
  • 15

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP