Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Java 7 Flaw Prompts Widespread Warnings

  • 0
admin
Sunday, 13 January 2013 / Published in Woo on Tech
java-logo.png

Carnegie Mellon University’s CERT and the Department of Homeland Security have issued a broad warning about using the latest version of the Java 7 plug-in for web browsers, and some browser manufacturers have already taken steps to disable Java application execution until the vulnerability can be fixed. The security flaw is already being exploited in the wild, and can be used to run malicious code without the victim’s permission or even awareness. Oracle is investigating, but has not indicated when the hole would be patched, aside from promising a fix “shortly.”

What this means for you:

Unless you have a really good reason to keep running it, you should probably disable Java until Oracle can fix this problem. Unlike other vulnerabilities that affect specific browsers (Internet Explorer has been notorious for flaws in the past), this particular problem affects all browsers that have a Java 7 plugin, including the Apple OS. Oracle has had problems in the past with providing quick patches for the Java platform, so until they do, the safest approach is to disable the plugin in your browser.

Click this link to see how to disable Java in your browser

browserchromeexploitfirefoxinternet explorerjavapluginsafarisecurityvulnerabilityzero day

Is Your Webserver a Double-agent?

  • 0
admin
Tuesday, 08 January 2013 / Published in Woo on Tech
Rogue Server

Over the past four months, many of the Western world’s largest banking institution websites have been under attack by a well-organized and funded cyber “brigade” that is allegedly part of the US-branded terrorist group “Izz ad-Din al-Qassam” – the military arm of Hamas. Aside from the publicly-stated political agenda motivating the attacks, little else was known about how the attacks were being carried out. Security analysts believed that rather than using large numbers of zombified consumer computers, this series of attacks were actually being powered by a smaller number of more-powerful webservers.

Security firm Incapsula confirmed this theory after recently discovering that a single UK webserver was behind a most recent attack on PNC, HSBC and Fifth Third banking websites. The server had been compromised with a simple backdoor program that allowed a remote operator to launch DDoS-style attacks using a simple, light-weight interface that may have been operating for months unbeknownst to the host or the server’s legitimate admin. Even though it was a single, relatively small server, it was capable of crippling websites of major financial institutions.

What this means for you:

The server in question wasn’t compromised using some sophisticated exploit, brute force attack or clever social engineering. According to Incapsula, the server was using an easily guessable admin password that resulted in an effortless and undetectable security breach. As consumer technology has become more accessible, so have server-class platforms that can be rented out by anyone with a credit card, and typically can be set up in minutes with only a rudimentary knowledge of server administration. This results in situations that look a lot like handing a powerful weapon to someone who has only been given very basic instructions on which end to hold and which end to point at the target. However, in the hands of a skilled hacker, a small “team” of compromised webservers is the equivalent of having a small special forces team operating behind enemy lines. Bottom line – if you have servers in your technology portfolio that aren’t being managed properly, your own technology might be waging an invisible war right under your nose.

Image courtesy of “renjith krishnan” / FreeDigitalPhotos.net

backdoorbankingcyber attackexploitfinancial institutionssecuritywebsite servers

Latest Zero-Day IE Exploit Still Vulnerable after MS Patch

  • 0
admin
Tuesday, 08 January 2013 / Published in Woo on Tech
Patched IE

According to security firm Exodus, the patch to Internet Explorer 6, 7 and 8 released on December 31 only fixed one of several ways to exploit a weakness in Microsoft’s browser. In their research on this exploit, Exodus continued to develop more aggressive ways to exploit the documented weakness and in doing so, uncovered a means that bypasses Microsoft’s fix, but are witholding details from the public until Microsoft has a chance to address their findings. A number of human rights and government sites have been compromised with malware agents that exploit this weakness and appears to be part of a larger campaign by the “Elderwood Gang” – a highly effective and well-backed group of hackers that have been targeting high-profile government sites since 2009, ostensibly with financial and espionage-based goals.

What this means for you:

Internet Explorer 6, 7 and 8 are still considered vulnerable, though no one has documented any websites yet taking advantage of the exploits discovered by Exodus. The fact that there are still holes in IE browser security will not go unnoticed, and if Exodus can develop work-arounds for Microsoft’s patch, you can bet groups like “Elderwood” will be able to do the same, if they haven’t already. Your best short-term solution is to either use another browser like Chrome or Firefox until Microsoft can fully patch this weakness, or upgrade your Internet Explorer to version 9 or 10 as soon as possible. If you are working for an organization or using software that requires backward compatibility to IE 7 or 8, you should consider having a serious discussion with the IT department about their reasons for maintaining what is increasingly becoming an untenable stance. If you are required to use IE 6 for some unfathomable reason, you should stop what you are doing immediately and consult with an IT professional, as IE 6 is a magnet for security exploits.

browserelderwoodexploitinternet explorermicrosoftpatchsecurityzero day

Stolen Laptop Equals $50k Fine

  • 0
admin
Monday, 07 January 2013 / Published in Woo on Tech
Lock up that laptop

Thanks to the commoditization of computer hardware, it’s possible to buy a serviceable laptop that costs less than $500 brand new. This has resulted in many companies relaxing the restrictions they had on their purchase and use, but a small healthcare provider in North Idaho learned a harsh lesson that hardware costs are the least of their worries when it comes to losing a laptop. The Hospice of North Idaho recently had a laptop stolen that contained unencrypted, sensitive personal information on over 400 of their patients, and because this is a violation of the Health Insurance Portability and Accountability Act, the Department of Health and Human Services is slapping the non-profit hospice with a $50,000 fine.

What this means for you:

Even if you aren’t a healthcare provider, being aware of the data on your company’s laptops should be a top concern, regardless of whether you think the data doesn’t fall into the protected class outlined by HIPAA. Mobile electronics, like laptops and smartphones are a prized target of thieves, on top of being ridiculously easy to damage and/or misplace all on their own. If your laptops are used heavily on the road, you should consider encrypting some or all of the data on the device, as well as making sure employees are using physical security devices like cable locks whenever the laptop is set down for more than 5 minutes, even if in a “secured” working environment. If your smartphone has access to any company or customer data, you should have auto-locking enabled and at least a 6-digit pin or password to unlock it. Cable locks won’t stop a determined thief, but it will deter most casual theft, and data encryption + passwords will make sure you never have to have that meeting with a client (or worse, a prospect) to let them know that their data might be at risk.

Image courtesy of “cooldesign” / FreeDigitalPhotos.net

data breachencryptionHIPAAlaptopphysical securitysecuritysensitive personal informationtheft

Today’s Antivirus Software is already outgunned

  • 0
admin
Tuesday, 01 January 2013 / Published in Woo on Tech
A shrinking bubble of protection

A recently published whitepaper from Redwood, CA security firm Imperva reports a disturbing trend that many technology professionals already suspected: current anti-malware manufacturers can’t keep up with the pace of virus development now that malware has moved from the realm of mischief to big-time criminal enterprise. Researchers from Imperva and students from Technion-Israel Institute of Technology put together a study that pitted 80 new viruses against over 40 of the top commercial antivirus products on the market, including Symantec, McAfee and Kaspersky and found that they were only able to detect 5% of the new malware infections.

It’s important to note that the sponsor of this study, Imperva, has a material stake in future anti-malware development, as their focus has been on developing a method of protection that differs from the traditional signature detection approach used by the mainstream antivirus developers. Signature detection relies on antivirus manufacturers being able to “capture” and reverse-engineer a computer virus strain to develop ways to combat infection, a process that is entirely reactive and time-consuming. As you might have guessed, new viruses can do their damage in minutes on a vast scale thanks to the internet, so relying on protection developed after the virus has been in the wild is of no help to those already infected. Cybercriminals realize they have the advantage of surprise on their side, and are investing heavily in staying ahead of signature detection algorithms.

What this means for you:

Future security is going to rely heavily on a combination of methods: signature detection, heuristic analysis (watching for anomalous behavior), virtualization/compartmentalization and good old fashioned paranoia/preparedness. The public at large has been lulled into a false sense of security in thinking that purchasing a product off the shelf will absolve them of the need to remain vigilant. As some of my clients can personally attest, you can have the best antimalware products on the market and still get infected. Technology security is more than purchasing software and hardware – it’s a process and state of mind that must constantly be maintained. If you are uncertain how to evolve your business practices to step up your state of readiness, give C2 Technology a call – we can help!

Image courtesy of graur razvan ionut / FreeDigitalPhotos.net

antimalwarecybercrimeheuristic analysiskasperskymcafeepreparednesssecuritysignature detectionsymantec

Criminals are taking hacking seriously. Are you?

  • 0
admin
Tuesday, 01 January 2013 / Published in Woo on Tech
Hacker invading your laptop

A 2013 whitepaper published by security firm Fortinet provides eye-opening details on the increasingly well-organized world of cybercrime that now features standardized pricing, polished branding, affiliate networks and zombie armies that can be rented for as little as $15/hour. Depending on the size of the botnet army, an incredible amount of damage can be done in an hour, making this one hell of a deal if your business is exploiting security flaws and stealing identities. Criminals have noticed the huge upside to cybercrime and, like they have always done, wasted no time investing big dollars and resources in this new “industry.”

What this means for you:

Overall, it’s unlikely criminals are outspending the big companies in the cyber arms race, but it’s almost a certainty that they are outspending and are better “armed” than most small and medium-sized businesses, especially ones that can’t (or won’t) afford the necessary investment in preparation and security. The most important thing you can do as a business owner that uses technology for any aspect of your business is ensure that you are taking the appropriate precautions and making the right security investments in your technology platforms. Keep in mind this doesn’t stop at buying hardware and software, but also includes training your employees as well as holding your vendors accountable for security as well.

Image courtesy of chanpipat / FreeDigitalPhotos.net

businesscybercrimeexploitsidentity theftmalwaresecurity

Another Zero-day Patch for IE 6, 7 & 8

  • 0
admin
Monday, 31 December 2012 / Published in Woo on Tech
Internet_Explorer_7_Logo.png

It might be the last day of 2012, but there’s still time to issue yet another patch to fix a zero-day exploit in Microsoft Internet Explorer 6, 7 and 8. Confirmed on Saturday by Microsoft, this patch fixes a vulnerability in all versions of IE prior to v9 that may allow hackers to gain control over a victim’s machine. This latest weakness is likely to be exploited when a computer using one of the versions of the aforementioned browser visits a malicious website, allowing it to run code that can corrupt the memory on the victim’s computer and from there execute malicious code as the logged in user, potentially resulting in backdoor installations, malware infections, and zombification.

What this means for you:

It’s conceivable you are still running IE 8 which was released in 2011, so you may be affected by this weakness. If you are running IE7 or, impossibly, IE6 (it was released in 2001 – over 10 years ago!), I’d say you are better off upgrading to the latest version of IE you can reasonably run on your computer, and then making sure it is patched appropriately.

browserexploitinternet explorermicrosoftpatchsecurityvulnerabilityzero day

E-Cards…from Hell!

  • 0
admin
Wednesday, 19 December 2012 / Published in Woo on Tech
ID-100106520.jpg

Holidays usually bring out the best in people, especially those who truly are kind-hearted and enthusiastic about the season, but it’s also an opportunity for the Grinches among us to take advantage of everyone around them. E-cards aren’t new to the internet, and may have actually waned in overall popularity since their inception many years ago, but the winter holidays usually see a spike in their usage. Internet blackhats know this trend, and ironically, it’s like Christmas for them, because they know they can trick more than the usual number of people into opening fake greeting cards that instead of delivering cheer and love, drop a big helping of malware coal in your digital stocking.

What this means for you:

Frankly, I verge on the side of paranoia, and and don’t open any digital greeting card these days unless I recognize the URL (and confirm it’s not a counterfeit). This makes me feel vaguely Scroogish, but I’d rather not spend the holidays disinfecting my computer. If you get a E-card from someone that you weren’t expecting, especially if it’s from someone you know wouldn’t send one (or they already sent you an actual physical greeting card), take a moment to contact that person to verify they actually sent it, especially if you don’t recognize the URL. Heck, it could be your opportunity to reach out to someone you haven’t spoken to in awhile, and there’s no better time like the holidays to reconnect with acquaintances, right?

If you do decide to open that virtual card, make sure your antimalware is up to date, your operating system fully patched, and you have C2 Technology on speed dial!

Image courtesy of “mrpuen” / FreeDigitalPhotos.net

fake emailsholidaysmalwaresafetysecurityvirtual greeting cards

Dunce of the Year Award

  • 0
admin
Wednesday, 05 December 2012 / Published in Woo on Tech
Dunce Cap

We’ve already seen way too much of some politicians and celebrities on the internet, but it seems human foolishness knows no bounds where the internet is concerned: sharp eyes have spotted a trend of people posting things like driver’s licenses, debit cards and other items with sensitive personal information in plain view on the internet through services like Twitter and Instagram. The reasons for posting these images aren’t immediately clear – and frankly, there isn’t a single logical explanation that doesn’t make these folks out as complete fools.

What this means for you:

In case you aren’t clear as to why this is a bad, bad thing – posting your sensitive personal information on the internet is tantamount to building a gigantic neon sign over your head that says, “Steal my identity, please!” To all the people who are doing this – STOP. Put down your smartphone (ironic, eh?) and step away from the internet. Go stand in the corner and put on that funny, pointed cap. Congratulations, you’ve just earned the Dunce of the Year!

Parents – if you have a teenager with their own smartphone and they’ve just earned their driver’s license or their own credit card, make sure they aren’t taking a picture of that shiny new card and posting it on the internet to brag to their peers. It might be a good time for a little security chat – and will be a lot more comfortable than that other chat you’ve been putting off for awhile now, right?

credit cartdriver's licensedunceidentity theftinstagraminternetsecuritysensitive personal informationstupid human tricksteenagersTwitter

Fake Browser Updates Trick Users

  • 0
admin
Friday, 30 November 2012 / Published in Woo on Tech
ID-10079656.jpg

Hackers are now taking advantage of conscientious users who have been repeatedly warned by folks like myself to keep their software, specifically their browsers, up to date. If a user happens to surf to a website hosting this new style of attack, they will be presented with a realistic-looking warning that asserts their browser is out of date, but if they click the convenient link to update the browser, they instead be infected with a trojan that will forcibly change the browser homepage to a site that will deliver a full payload of malware. If the user is unfortunate enough to have his or her anti-malware software overrun, they will quickly have a severely compromised computer.

What this means for you:

You should only ever download updates for your software from the manufacturer’s website, as it’s extremely unlikely for manufacturers to use third-party hosts for software updates. In the above example, users were directed to download an update from a domain “securebrowserupdate” which is something Microsoft, Google, Mozilla or Apple would never do for their browsers.  If you happen across a pop-up warning that an update is available for your browser, and you aren’t sure it’s legitimate, close it, then check your update status through the browser’s built into the interface, usually under the “Help” menu. Still not sure? Why not call an expert like C2?

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

Applebrowserschromefake updatefirefoxGoogleinternet explorermalwaremicrosoftmozillasafariscamsecurity
  • 22
  • 23
  • 24
  • 25
  • 26

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP