Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Snapchat Hacked – Millions of Mobile Numbers Exposed

  • 0
admin
Wednesday, 08 January 2014 / Published in Woo on Tech
Snapchat Hacked

Another day, another social networking site hacked. This time, unfortunately, it was new internet darling SnapChat that was breached, exposing over four million mobile numbers and user names. The hacker(s) who published the data did so purportedly to compel Snapchat to take action on security flaws in its platform that have been known since earlier in the year, but remained unpatched up to (and even past) the public release on Dec 31, 2013 of the information harvested by exploiting the security flaws.

What this means for you:

SnapChat is very popular with younger generations who moved to the service for a variety of reasons, not the least of which was more privacy (from Facebook-savvy parents and authority figures) and less permanence (Snaps are deleted forever within seconds of being shared). Irony aside, the data exposed in the security breach reveals sensitive personal data from millions of individuals, many of whom are probably minors, a demographic that may include your child(ren).

You can check this website to see if any of your family’s mobile numbers were leaked by this SnapChat hack. While the data released isn’t as sensitive as bits like Social Security numbers, birthdates or debit card pins, some other services do use mobile numbers as identifying data, alongside usernames which many people (including Snapchat teens) like to re-use as part of their online “brand.” Armed even with these slender morsels, clever social engineers can wedge their way into someone’s online presence and use it as a stepping off point for a complete takeover of an identity, leading to credit fraud, theft and much, much worse.

breachexploithackleakmobile numbersprivacysecuritysnapchat

Chrome not as safe as you might think

  • 0
admin
Wednesday, 11 December 2013 / Published in Woo on Tech
Chrome Logo

Back when Google’s Chrome browser was brand new in the browser market and demonstrating how poor Microsoft’s Internet Explorer security was in comparison, it was easy to recommend it as the faster, more secure option. However, with market share comes concessions to convenience and feature-creep, and it seems that Google may be stretching itself too thin to be the browser on everything and for everyone. Aside from the rather disturbing and glaring security flaw pointed out earlier this year in the desktop versions of Chrome (and steadfastly refuted by Google…until it was fixed), Chrome has typically been viewed as the “most secure” of the big three Windows browsers (the other two being IE and Firefox).

Unfortunately, security firm Identity Finder has burst this bubble by revealing another weakness in Chrome. In the spirit of convenience, Chrome offers to save information used to fill out the countless webforms we all run into on a daily or even hourly basis while surfing. Most of these fields are what would be considered personally identifying information (names, addresses, account numbers, etc.) and Chrome stores them in plain text on your hard drive so as to be able to retrieve them for autopopulating other web forms. The problem with this, of course, is that anyone with access to your hard drive can read that data and use it to nefarious ends. And in case you’re still trying to sort out why this is bad, access isn’t limited to someone working on your computer or stealing your hard drive. Unauthorized access is most often gained now through malware infections.

What this means for you:

Sadly, achieving better security is no longer simply a matter of changing your browser, no matter how much any company (even Google!) would have you believe otherwise. If you want to disable the above mentioned “feature” in Chrome, you can do so by visiting Settings -> Advanced Settings -> Passwords and Forms and unchecking “Enable Autofill to fill out web forms in a single click.” You should never rely on just a browser choice to determine the totality of your security. Good security is a combination of browser choice, settings, malware protection and constant vigilance. Chrome still remains a solid choice as a browser but beware convenience features like Autofill and saving passwords in your browser, as this convenience may come at the price of security.

autofillchromeGoogleidentity theftmalwarepasswordssecurity

Was your password exposed?

  • 0
admin
Tuesday, 10 December 2013 / Published in Woo on Tech
Exposed password

A new website entitled “HaveIBeenPwned.com” recently launched that indexes millions of accounts that have been exposed in some of the largest data breaches in the past 3 years, including the most recent data theft from Adobe, in which over 153 millions accounts were dumped onto the internet. This website allows anyone to punch in their email address to see if their credentials were a part of the haul the data thieves looted in these attacks. Interestingly enough, I punched in my personal email address and discovered (as expected) my account was one of the 153 million exposed in the Adobe breach. Other breaches covered in this database include Yahoo, Sony, Stratfor and Gawker. If you happen to use any websites from those companies, it may be worth your while to check to see if you might have a password issue.

What this means for you:

If you happen to score one or more hits in the database on this website, and you know you’ve used the same password exposed in the above data breaches on other sites, you should stop using that password immediately and head out to change your other passwords ASAP. Even if you didn’t score a hit in the database, there are data breaches happening constantly, and computers have become strong enough to crack the encryption used to store and ostensibly protect them. Where possible (and reasonable), you should be using unique, strong passwords for all your important web services, especially the ones that have access to your sensitive data and money. Programs like Passpack (what I use) and LastPass are indispensible tools to assist in making strong password use practical. Each has a bit of a learning curve and will take some getting used to, but the time spent will be a worthwhile investment in protecting yourself online.

Image courtesy of Salvatore Vuono / FreeDigitalPhotos.net.

adobedata breachexposedgawkerpasswordsecuritysonystratforyahoo

Hacker Drone hacks and enslaves other drones

  • 0
admin
Wednesday, 04 December 2013 / Published in Woo on Tech
Parrot AR Drone

Just in time to ride the publicity wave created by Amazon Prime’s Delivery Drones, infamous MySpace hacker Samy Kamkar has created a flying drone that can hack other drones and take over control of them. Before you grab your bug-out bag and head to that bunker in Montana, it may ease your fears somewhat to understand the drones in question are of the toy variety, versus the death-dealing military variety. The popular Parrot AR Drone is controlled from an iPad or iPhone via unencrypted Wi-Fi, a feature that Mr. Kamkar takes full advantage of in his miniature drone predator, aptly dubbed, “Skyjack“.

What this means for you:

While Skyjack is a long ways away from hacking the various UCAVs that are in extensive use around the world, it’s not hard to imagine how this could escalate the high-tech arms race fueled by the highly-publicized arrival of combat drones in the Afghanistan invasion. The idea behind Skyjack is a drone that can hunt out other Parrot AR Drones autonomously and enslave them. Fly Skyjack into a park where enthusiastic drone pilots are taking their Parrots for a spin, and the more unscrupulous Skyjack pilot can steal away the $300 devices in a blinking of an LED. Now extend that idea to a drone that can fly around neighborhoods, hunting out unsecured Wi-Fi networks or routers, hacking them, logging their locations, and then returning to its owner with map and database of ripe targets. Have I frightened you enough yet to get you to change the password on your home router to something a bit harder to guess?

Image Courtesy of Wikipedia.org

combat dronedroneshackerHackingparrot ar dronepasswordssecurityskyjacktoyucavwi-fi

Goodbye Passwords, Hello Accessories

  • 0
admin
Tuesday, 03 December 2013 / Published in Woo on Tech
Yubikey by Yubico

Once again, Google is blazing a new technology path, not necessarily by innovating, but by having the size and influence to make change happen in an industry that seems at times to get stuck in a vicious circle. In this particular case, technology has been navel-gazing on the password issue for years despite having the solution in hand decades ago: multi-factor authentication. In its most simplistic and well known form, you have probably been using two-factor MFA for years without even realizing it: your ATM card and PIN. In MFA terms, this is “something you have” (your ATM card) and “something you know” (your PIN). Without both present, authentication doesn’t happen.

Using its thousands of employees as guinea pigs since early 2013, Google is testing a technology platform it plans on releasing in 2014 based on MFA. The “something you have” in this case is a small USB FOB that is paired with your user login and a simple 4-digit PIN (“things that you know”) that authenticates you on a computer or an NFC-capable mobile device. If this sounds familiar, it may be because this device I wrote about previously does essentially the same thing. Instead of having to remember a bunch of different passwords, whenever you needed to prove who you are on the web or in an app, you could plug in your Yubikey (or tap your Nymi!) and viola, “Identity Verified!”

What this means for you:

The Yubikey Neo isn’t available yet, and Google hasn’t given a firm date as to when it will be available other than “2014”. Also, the utility of the device is highly dependent on a wide variety of services adopting the authentication platform, so even if they made it available as early as next month, you may find it to be somewhat useless until your favorite providers implement the technology, if they do at all. If you want to show your support for the death of the password, you may want to jump on the Nymi bandwagon, as even if the product never gets widely adopted, you can still accessorize with a wearable conversation-piece!

Googlemulti-factor authenticationnfcnymipasswordssecuritytwo-factorusbyubicoyubikey

Stay Frosty for a Hack-free Holiday

  • 0
admin
Wednesday, 27 November 2013 / Published in Woo on Tech
Time for Caution!

In the US, Thanksgiving traditionally marks the start of the holiday season, and most of us will open our hearts and minds (and wallets) just a bit more than we do during the rest of the year, and we let down our guard to enjoy the holiday spirit. Sadly, criminals and other malicious agents are also in the holiday mood, and count on the distractions of the season to really suck the joy out of the holidays. Here are some things you can do to make sure your holidays aren’t marred by the cyber Grinches:

  1. Stop opening email attachments
    This is how the dreaded Cryptolocker virus gets onto your computer. If you receive an email from someone with an attachment that you weren’t expecting, pick up the phone and call that person to confirm that the attachment is legitimate. Hey, it’s holidays. Shouldn’t you be reaching out and touching someone anyways?
  2. Stop clicking links in emails
    Just because you received an email from someone you know that has a link to the world’s funniest/scariest/cutest video does not mean you should click that link. At minimum, hover over the link to read where it’s really going to take you. Or pick up the phone and call that person to verify they sent the email in the first place, especially if the email seems to be out of character for the sender. Sensing a trend here? Wouldn’t you rather be on the phone catching up with an old friend rather than explaining to a bunch of angry relatives why you sent them a virus via email?
  3. Beware of fake Holiday Greeting cards, donation solicitations and other holiday-related spam
    Hackers will be taking advantage of the increased volume of these types of emails. Observe rules #1 and #2, and watch out for poor grammar and out-of-character emails. Just received an X-mas ecard from someone you haven’t talked to recently? You guessed it…pick up the phone!
  4. Be careful with your personal data
    Let’s say you knuckled under the pressure and clicked a link. The website you landed on is asking you for some personal information that seems relatively harmless: Birthdate, ZIP Code, last four of your Social Security number. Unless you are at the website with which you already do business (and have verified its that company’s actual website and not a fake one!), stop what you are doing and back away from the computer. Even these bits of data can be used as a digital wedge to get at other data from your personal life, which can lead to theft of both your money and identity.
  5. Put a password or pin on your phone
    See last week’s article on why this is important, and how to do it. Don’t ask why, just do it. Trust me.
  6. Be less conspicuous about using your smartphone
    Thieves are targeting smartphone users, especially iPhone users, because the devices are in high demand on the blackmarket, especially overseas where the phones can be reactivated without fear of being tracked. A protective case can help disguise your phone, but if you really want to blend in better, choose one that isn’t blinged out and brightly colored. That case that really helps you stand out in a crowd also paints a big target on you for thieves. Keep it in a deep pocket or a bag/purse that zips or latches shut so it will be less likely to accidentally fall out and picked up by someone looks for a free smartphone.
  7. Keep an eye on your laptop and/or tablet
    A lot of us will be traveling during this time of year, and it’s becoming increasingly common to drag along our work laptop so we don’t get too far behind while visiting with family. You’d be surprised at the number of laptops lost/stolen in airports and rental car terminals, primarily because the owners are distracted and overburdened. Having to call your boss to tell them you lost your work laptop and all the data on it will make for a very stressful holiday. It’ll be even worse if you have to call clients to tell them you have lost their sensitive data or may have exposed them to a security risk.
  8. Where possible, don’t let online vendors store your credit card information
    Up until very recently, most online stores assumed you wanted to keep your credit card “on file” with them for convenience on future purchases. While this is still the case, many now offer the option to remove that information, or to not store it in the first place. Given how many websites are being hacked these days, you may be better off not keeping that number on file, especially if it’s with a store you don’t frequent. Having to enter your credit card information once or twice is a trivial inconvenience as compared to having to replace all your credit cards because a website you bought something from years ago got hacked.
  9. Beware deals on technology “too low to be believed”
    With technology, you get what you pay for 99% of the time, which is to say that if you got it cheap, it’s likely that it is cheap. That knock-off iPhone charger might have been a steal, but if it burns up your battery due to an electrical short, your $5 charger just cost you $500.
  10. Give yourself a gift this year: Back up your data
    All hard drives fail eventually. Phones break, get lost or stolen. Viruses happen. If your data is important enough to save to a disk, it’s important enough to back up. There are online subscriptions that can take care of your most precious digital assets for pennies a day and are so simple to use that anyone who knows how to click a link can set up an account. You might not be able to keep the cyber Grinches at bay forever, but a good backup can take most of the sting out of worst virus infections or hardware failures.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net.

apple pickingbackupscautioncredit cardshackersholidaysiPhonepersonal datasafetysecuritysmartphones

Is Your SmartTV Spying On You?

  • 0
admin
Wednesday, 20 November 2013 / Published in Woo on Tech
TV Spy

As if all the NSA surveillance nonsense wasn’t enough to put everyone on edge about covert snooping, a UK blogger has published information that appears to demonstrate that his LG Smart TV was transmitting data to internet servers about his and his family’s viewing habits, as well as information about USB devices and files attached to the television. On top of this blatant invasion of privacy, there appears to be no way to opt out of this information gathering and sharing, and the information was being sent unencrypted over the internet. When questioned about this particular behavior, an LG representative unapologetically pointed to the Terms and Conditions that the blogger tacitly agreed to upon purchase of the TV, and suggested that he take up his beef with the retailer who sold him the TV in the first place, essentially insinuating it was their fault for not warning the buyer that they were purchasing a 42″ privacy invasion.

What this means for you:

If you have an internet-enabled television, it’s very possible that device is phoning home with data about your viewing habits, and it’s also likely the only (easy) way to disable this is to disconnect the TV from the internet, a feature that was probably instrumental in this particular model being purchased in the first place. Granted, there have been thousands and thousands of families who have happily volunteered this information for decades (think Nielsen ratings), but they knowingly opted in to this reporting. It’s unclear whether TV manufacturers (and the entertainment industry in general) will come clean about this practice any time before Black Friday sells thousands (millions?) more of internet-enabled TVs, and even if they do, you can bet the majority of folks will be outraged for the regulation 15 minutes, and then will probably “return to their regularly scheduled program.” If you have concerns about your shiny big-screen selling you out, pick up the phone or write an email to the manufacturer. Failing a response from them, it may be time to raise a stink at your local big box that sold you the device, because nothing kills sales like angry customers dragging big screen TVs through the return lines.

Images Courtesy of Ohmega1982 (TV) and Salvatore Vuono (eyeball) / FreeDigitalPhotos.net

internetlgphone homeprivacysecuritysmart tvspyingsurveillanceviewing habits

Safeguard Your Smartphone Against Theft

  • 0
admin
Wednesday, 20 November 2013 / Published in Woo on Tech
ID-100146464.jpg

The winter holidays are upon us, and with them comes the shopping, traveling and general merry-making. Law enforcement is also warning about the increasing rate of smartphone thefts as criminals take advantage of the increased distraction, armfuls of packages and winter clothing to abscond with devices they know most people carry and use these days. Though you can do a lot to lower your profile as a potential victim, its an virtual guarantee that a certain percentage of you will have your phone stolen or lost, and aside from the loss of the device itself, your data could also be exploited to your further detriment if your device isn’t properly safeguarded against possible theft. CNET has a comprehensive article detailing how you can secure your data and increase your chances of recovering your iOS, Android or Windows smartphone in case it is stolen, but if you are in a hurry (and who isn’t, these days?), I’ll provide a summary of the basics below.

What this means for you:

For all phones:

  1. Use a pin, password, or fingerprint to lock your phone.
  2. Encrypt your phone data. iPhones and Windows Phones do this by default, but it must be enabled manually on Android devices.
  3. Back up your critical data, whether it’s contacts, emails or photos. 

For iPhone Users:

  1. Disable access to any features made available through the lockscreen, such as dialing and texting via Siri.
  2. Set up an iCloud account and enable “Find my iPhone” so that your device can be tracked in case of loss or theft.

For Android Users:

  1. Disable access to lock screen features.
  2. Setup Android Device Manager and make sure tracking and control of your device is enabled.
  3. If you use a microSD card, be aware that it cannot be wiped remotely like the phone’s internal memory (but it can be encrypted).

For Windows Phone Users:

  1. Sit back and relax, as tracking is enabled by default and the lock screen doesn’t allow access to anything.

The article is really worth reading. If you truly are pressed for time, skip to the part that is pertinent to your specific phone platform. The author provides much more detail on how each tracking system works, as well as what the systems can and can’t do. It may mean the difference between having a happy holiday or a blue Christmas if (when) you get separated from your smartphone.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

AndroidencryptioniosiPhonelockpinsafeguardsecuritysmartphonesthefttrackwindows

Another IE Zero Day Exploit in the Wild

  • 0
admin
Tuesday, 12 November 2013 / Published in Woo on Tech
Microsoft Zero-day Warning

It’s nice that Microsoft can keep guys like me busy. Luckily, exploitation of their latest zero-day weakness seems to be limited (so far) to an advanced persistent threat (APT) attack targeting users of a specific national and international security policy website. This particular exploit is being delivered in a traditional “drive-by” attack when users of the English-version of Internet Explorer (specifically IE 7 and 8 on Windows XP, and IE 8 on Windows 7) visit this website. What distinguishes it from past threats is this malware’s ability to write malicious code directly to memory and then execute without writing to disk, a technique that makes detection and remediation much more difficult.

Microsoft intends to release a patch for this vulnerability as early as tomorrow (Nov 12). This is very fast for someone like Microsoft, and may be an indication of how serious this particular vulnerability might be.

What this means for you:

Though the exploit seems to be narrowly targeted at the moment, security researches say it wouldn’t be hard to manipulate the existing attack software to affect all versions of IE from 7 through 10, and any language in which IE is distributed. Assuming you have the leeway to do so, I still recommend using another browser like Chrome or Firefox, which still have a better track record when it comes to catching and patching weaknesses like the above. If you are required to use IE, make sure Windows Update is functional, and that you apply all critical and important updates as they are downloaded to your computer. Larger companies may control how frequently Windows Updates are applied in their enterprise, but don’t be afraid to ask your resident IT representative if they are taking steps to keep Internet Explorer safe for your use.

advanced persistent threatbrowserchromefirefoxinternet explorermicrosoftsecurityzero day

Hacked Limo Co Exposes Customer Data

  • 0
admin
Tuesday, 05 November 2013 / Published in Woo on Tech
Hacked

While analyzing the data trail of the recent, highly-publicized Adobe security breach and data theft, researchers also discovered data that appears to have been stolen from a prominent online broker of limousine and towncar services. Among the some 850,000 customer records discovered were such illustrious names as Donald Trump, LeBron James and Tom Hanks as well numerous other wealthy and/or famous individuals. The data also included credit card information, pickup times and locations and even ID numbers of private airplanes used by this company’s customers. The records also included notes on customer behaviors and activities including a number of tidbits that could prove embarrassing or even potentially incriminating. Even if the data were to somehow avoid falling into the hands of police or tabloids, it’s highly likely that cybercriminals will have already cherry-picked many of the customer records for their potential use to fuel spear-phishing attacks and other focused cyber-espionage attempts on corporate and government targets.

What this means for you:

You may have enforced rigor and discipline in your own technology, to the point where you feel fairly confident that you can avoid most attempts to compromise your technology security, but the above points out an uncomfortable reality: you cannot control what information is being gathered about you whenever you interact with the rest of the world. You have two choices here: acceptance and vigilance – be watchful and cautious, and come to grips with the fact that 100% security is impossible, or move to a bunker in the wilderness, off the grid and completely isolated from society. However distasteful and infuriating the former may feel some days, the latter is just not a practical choice (or even possible) for most people.

adobebreachespionageHackingprivacysecurityspear phishing
  • 16
  • 17
  • 18
  • 19
  • 20

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP