Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Change your router password now

  • 0
admin
Wednesday, 28 November 2012 / Published in Woo on Tech
ID-10071870.jpg

Security researcher Bogdan Calin has reportedly devised a new cyberattack method that can compromise certain types of routers merely by a local user opening an email on their iPhone, iPod or Mac. This new vector takes advantage of two common security weaknesses: the default mail client settings on Apple devices that loads remote images automatically, as well as default or weak admin passwords on consumer-grade routers that are often found in residences and small businesses. In a nutshell, the attack works by taking advantage of your router’s ability to be managed via web-browser by opening dozens of hidden pages with login and setting changes, each firing off in turn until one of them affects the change.

All of this happens in the blink of an eye, and because the changes don’t have to be destructive immediately, the user would not know they had just compromised their own network. These settings could include changing your DNS settings to servers that a hacker controls, allowing them to misdirect anyone on that network to sites that can further hijack computers. For example, typing “Google.com” would no longer take you to the actual Google website, but could instead send you to a counterfeit site that, for all intents and purposes, looks very similar to Google’s own site, and from there, could lure unsuspecting users into further compromising decisions.

What this means for you:

As of now, this particular attack only works on specific types of routers, and relies on the fact that many people have never set their router password to something other than the default it shipped with from the factory. Despite Mr. Calin’s warning, Apple is not planning to address the settings exploit, and has instead suggested that users can turn off the automatic loading of remote images in emails (the default setting in Android mail clients) if they wish additional security, but with the downside that all images, legitimate or not, would be prevented from loading. The simplest solution, of course, is to set your router password to something other than the default, and preferably one that is hard to guess or brute-force.

Image courtesy of Victor Habbick / FreeDigitalPhotos.net

ApplecyberattackemailexploitipadiPhoneiPodMacsecurity

Chrome still tops for avoiding phishers

  • 0
admin
Wednesday, 28 November 2012 / Published in Woo on Tech
No Phishing!

A recent study by security firm NSS Labs shows that Google’s Chrome browser still has the best detection rate (94%) for spotting phishing URLs, and on average, new malware sites are reported and blocked by all browsers within 5 hours of discovery, a significant improvement over the 16+ hours that same process would have taken in 2009. Firefox showed the best response time to reporting and blocking new sites at 2.3 hours – more than twice as quick as IE10.

What this means for you:

All of the major browsers have significantly improved their ability to protect users, to the point that there is very little statistical difference in their security capabilities. Many of my clients still ask me if one is better than the other, and the answer is always, “It depends on what you need the browser to do.” I still use Chrome for most of my work, but there are still enough times when I’m working with online apps that only work with Internet Explorer. The most important factor to consider is making sure whatever browser you do use is kept up to date, and that you practice safe and cautious surfing whenever working with unfamiliar websites.

ApplebrowserchromefirefoxGoogleinternet explorermalwaremicrosoftmozillaphishingsafarisecurity

Red-Light Special or Red Alert? A Special Black Friday Message

  • 0
admin
Wednesday, 21 November 2012 / Published in Woo on Tech
ID-10045252.jpg

The new tradition of Black Friday (and Cyber Monday) shopping online has not only caught on with bargain hunters hoping to avoid crowds and early-morning lineups, it has also caught the eye of the digital criminal element as well, who will be counting on naive (and not so naive) shoppers clicking on links to dodgy sites that instead of delivering amazing deals, will end up costing unwary shoppers hunters more than they bargained for.

It is believed that various cybercriminals will attempt to lure victims into clicking links promising deals too good to pass up, either delivered via email, or posted on the various bargain/coupon code websites that are scattered across the internet. Once you click a link to a site that is handing out malware instead of savings, your machine is likely to get infected with one of the hundreds of variants of malware, all with the express intent of, wreaking havoc on your holiday weekend (and beyond), extoring money out of you via ransomware demands, or worse still, lying dormant and undetected on your computer until you start typing in sensitive information, like the password to your banking website and email account. Once that happens, you are only clicks away from identity theft and probable financial damage.

What this means for you:

Common sense and caution are your best defenses, but you should also observe the following:

  • Have updated and working antivirus software from a well-known manufacturer.
  • Only click links to websites that you recognize – make sure the link you are clicking isn’t being spoofed.
  • Can’t confirm a website, or not familiar with the source? Google the domain name – the real domain name, to see if virus/hoax reports have been associated with that domain.
  • If the deal sounds too good to be true – it probably is. Call the store to confirm the deal if in doubt. Talk to a human.
  • Still can’t confirm? Proceed with extreme caution at your own risk. Is the deal really worth the risk of your security being compromised?

Image courtesy of “digitalart” / FreeDigitalPhotos.net

black fridaycyber mondaycybercrimefraudidentity theftransomwarescam alertsecurity

Passwords can no longer protect us

  • 3
admin
Saturday, 17 November 2012 / Published in Woo on Tech
Passwords are a Dead End

If you didn’t get your fill of scares this past Halloween, sit down and read this article about password security from Matt Honan, the Wired Magazine writer who’s digital life was destroyed this past summer in minutes by teenage hackers. If you only read one article this year, you should read this one, but in case you don’t (or can’t or won’t), I’ll try to sum up the most important parts of the article:

  • We are sacrificing privacy and security for convenience.
  • Passwords (even long, hard to guess ones) are no longer viable.
  • The technology industry hasn’t been able to come up with a better solution to this problem.

 

What this means for you:

Again, if there is one article you should read this year, especially as you gear up to get your online shopping done this upcoming Black Friday, it’s this one! You’ve heard me give you all the precautions and practices you should be following to better secure your online information, but Matt explains in easy-to-understand, non-technical terms why folks like me are growing increasingly concerned – and in some cases frightened. We, as a civilization, have hit a critical point in our history, and if we don’t make some careful choices and some necessary changes to how we use computers, we are heading down a road of security ruin that could impact anyone that uses technology as a critical part of their lives.

Until better solutions to the password problem arrive, there are some things you can do:

  • Don’t use the same login and password for multiple sites.
  • If it’s available, use 2-factor authentication to secure accounts, especially email.
  • Don’t use easy to guess passwords. Use really hard ones for your most important accounts.
  • Use a separate, hard-to-guess email account for password resets that is separate from your main email account. Gmail is great for this, as it offers two-factor authentication.
  • For password hint questions, eg. “What is your mother’s maiden name?” use incorrect answers that aren’t easily found on the web, and only you would know.

Read the article for even more tips on how to make yourself harder to hack.

 

2-factor authenticationdead endemailHackingpasswordssecurity

NASA loses laptop with sensitive data

  • 0
admin
Friday, 16 November 2012 / Published in Woo on Tech
nasa_logo.png

In yet another instance of high-profile data loss, the National Aeronautics and Space Administration (NASA) has announced that a laptop containing unencrypted, sensitive data was stolen. Ahead of a final determination of the extent of the data exposure, NASA has warned its 300,000 employees and contractors to be extra cautious and that they may be at risk for identity theft.

As a result of this theft and previous data exposure incidents, the organization has established a new policy that all laptops will be encrypted from this point forward, and until the encrpytion can be enforced, all laptops with sensitive data can no longer be removed from NASA facilities.

What this means for you:

The NASA laptop in question was password protected, but you may not be aware that gaining access to data on a password-protected laptop is trivial when you have the actual device in your physical control. Though it does add overhead to overall performance of laptops, encrpyted data partitions or even full-drive encryption is the only way to truly safeguard data on mobile devices, and a compromise that savvy organizations are willing to make in order to allow their knowledge workers the mobility required in today’s technology environment. If you or your knowledge workers work with sensitive data, whether it be employee records or client data, you should review your organization’s privacy and security policies to ensure you are properly protecting yourself from a damaging security breach and data loss.

data lossencryptionidentity theftlaptopnasasecuritysensitive personal information

Petraeus-Gate and Fallacy of Email Privacy

  • 1
admin
Wednesday, 14 November 2012 / Published in Woo on Tech
Email Security

Apparently, even the (former) head of the CIA can fall victim to a security breach. General David Petraeus recently handed in his resignation as the leader of the US’s Central Intelligence Agency when his extra-marital affair surfaced through an investigation led by the CIA’s own sister agency, the Federal Bureau of Investigation. What’s interesting is that the FBI didn’t use exotic technology or Hollywood-esque espionage to gain access to Petraeus’ “anonymous” email account –  in the end, it boiled down to a simple, lawful, court-order through the Electronic Communications Privacy Act. Once the FBI had covert access, they were easily able to track the account usage and trace it to the General himself.

What this means for you:

What undid Petraeus – aside from lack of integrity and fidelity – wasn’t his extremely clever usage of Gmail. Once again, the subterfuge was ruined by a person – in this case, by his own mistress, Paula Broadwell, who sent threatening emails to Petraeus family friend, Jill Kelley who then got the FBI on the case. In the course of any criminal investigation, the ECPA grants the government authority to access any electronic communication without a warrant if it’s under 180 days old, and if it’s older than 180 days, then all that is needed is a court order. Even if you think you’ve set up an anonymous email account, all email travels through the internet by virtue of metadata attached to the digital envelope that is impossible to hide. Think of it as a digital postmark. And because all data must come from somewhere and go somewhere, IP addresses (and logs) make it possible to pinpoint those locations with ruthless precision. The next time you send an email that you need to be completely confidential, think carefully about the implications of it appearing on the front page of every news website in the world. Obviously, the government doesn’t have the time (or the justification) to watch everyone in America, but they certainly have the means, and will to use it, even if it undermines one of their own sacred cows.

Image courtesy of renjith krishnan / FreeDigitalPhotos.net

affairBroadwellCIAECPAElectronic Communications Privacy ActemailFBIinvestigationIP addressmetadataPetraeussecurity

The Most Devastating Cyberattack You Never Heard About

  • 0
admin
Tuesday, 13 November 2012 / Published in Woo on Tech
Saudi Aramco Logo

In August of this year, one of the world’s largest oil producers, Saudi Aramco, was targeted in a cyberattack that crippled tens of thousands of its computers. Despite the apparent success of the attack and the impact this would have had on the company’s operations, oil production did not falter, and the global economy continued its drunken flirtation with failure instead of rushing into an oil-shortage-fueled orgy of self-destruction. Saudi Aramco has not been forthcoming on the details of the attack, or how they managed to survive it relatively unscathed, but in the eyes of security analysts and even our own Secretary of Defense, Leon Panetta, this attack was “probably the most destructive attack that the private sector has seen to date.”

There are conflicting reports about the motivation behind the attack. The hacktivist group “Cutting Sword of Justice” has claimed responsibility, citing the act as a strike at the House of Saud, the ruling body of Saudi Arabia, refuting claims by security analysts who believe the attack to be a state or government-sponsored reprisal for the Stuxnet attacks that crippled the Iranian Nuclear Program. Intended to cripple oil-dependent economies like the US, government-backed cyberattacks on companies like Saudi Aramco can also gain proprietary geological survey data that could be extremely profitable for other, competing state-sponsored oil companies.

What this means for you:

Information is power, and there are very few companies that don’t store their most valuable data on computers and servers that are somehow connected to a network, if not the internet itself. Even if they had the best security known to man, it’s believed that at least one individual inside Saudi Aramco provided the means for attackers to compromise a company that produces 12% of the world’s oil. You should never rely 100% on technology alone for security – humans will always be more fallible than computers. Additionally, it’s important to provide some level of separation in your core business operations so that if a segment of your business is paralyzed, the entire operation doesn’t grind to a halt because the computers are offline getting repaired.

cyberattackeconomic terrorismhacktivismIranmalwareoilsecuritystuxnetvirus

Go to Denmark for the Safest Computing

  • 0
admin
Wednesday, 07 November 2012 / Published in Woo on Tech
Kaspersky Logo

Kaspersky Labs just released their quarterly threat report for Q3 2012, and it’s dry reading for most folks not fascinated by IT security as I am. There are some notable trends that their research has surfaced, and I thought you might find some of these data points interesting:

  1. You are least likely to be infected by a fellow countryman in the nation of Denmark. (The US is in the lower first quartile, in case you were wondering.)
  2. Russia has overtaken the US as having the most websites hosting malware software.
  3. The most commonly found smartphone virus is designed to steal money from you by texting premium-rate numbers without you noticing.
  4. The most common way to get a virus infection is via drive-by infections, ie. visiting a dodgy website and getting infected when your browser loads pages that have embedded viruses.
  5. Of the top 10 most commonly found software vulnerabilities, 2 are found in Oracle software (Java), 5 from Adobe (Flash, Shockwave & Acrobat), 2 from Apple (Quicktime and iTunes), and 1 from Winamp.
  6. Over half of the detected malware infections came from Java vulnerabilities.
  7. For the first time in many years, Microsoft did not make the Top 10 list of vulnerabilities!

What this means for you:

Keep your software up to date. The java vulnerabilities have been patched, but many people ignore (or aren’t even aware) that Java needs to be kept up to date just like any other software installed on their machine. Keep your browser up to date, and if you have the choice, use the latest version of IE, or even better, Google’s Chrome browser. However, nothing will keep you safe if you don’t have proper malware protection installed, updated and ACTIVE. If you use an Android phone, see my previous article on the dangers of side-loading questionable apps. As of the moment, buying smartphone anti-virus software isn’t at the same state of “must-have” as computers, but we may be fast approaching that point. If you are careful about the apps you install on your phone, you don’t need it…yet.

adobeAndroidAppledrive-by infectionflashitunesjavakaspersky labsmalwareoraclequicktimesecurityside loadingvirus

Malware Apps for Android on the Rise

  • 0
admin
Monday, 05 November 2012 / Published in Woo on Tech
Android Logo

According to analyst IDC, Android-based smartphones account for three out of every 4 phones sold worldwide in Q3 2012. As anticipated, this expansion of the market has also prompted a surge in fraudulent apps being developed and installed on phones. Security firm F-Secure  reports a 10X increase in the number of distinct malware apps detected in the marketplace, finding over 50k apps this quarter alone. Most of these apps appear to be making their debut on 3rd party apps stores outside of the US looser security standards allow the malware to slip into the marketplace undetected.

What this means for you:

Earlier this year, Google implemented a security review process on its official “Play” store, reducing the number of fraudulent apps significantly. However, unlike the iPhone ecosystem, which locks users into only getting apps through its tightly controlled and reviewed iTunes appstore, Androids can bypass the Google’s official appstore to “sideload” apps on their smartphones via a single checkbox setting that is available in the operating system. Just because you can do something doesn’t mean you should. With the possible exception of Amazon’s App Store, I would not recommend installing apps from any 3rd party app store. Amazon.com led the way in sideloading by announcing their own appstore in early 2011, primarily as a means to avoid paying distribution fees to Google to service their own Android-based Kindle devices. Given that keeping their user base safe is probably of utmost concern, it’s likely that Amazon will be carefully reviewing apps distributed through their ecosystem.

If you insist on sideloading apps from a 3rd party app store, make sure you know what you are doing, review the apps carefully, and when in doubt, do your research before installing that magical app that will do it all, and is also free. It may not cost you any money up front, but the longterm damage to your security and identity may be a cost you can’t afford.

amazonAndroidAppleappstoreiPhonekindlemalwaremarketshareplay storesecuritysideloading

Millions of SC ID’s Compromised

  • 0
admin
Thursday, 01 November 2012 / Published in Woo on Tech
The state flag of South Carolina

On Friday, the state of South Carolina announced that it had been the victim of a major security breach, and that as many as 3.6 million state residents (nearly 77% of the total state population) may have had their Social Security numbers and other personal identifying data stolen by person or persons unknown. As security firm Mandiant investigates the breach, they further revealed today that as many as 657,000 local businesses may have also be impacted by the data leak. The severity of the breach was exacerbated by the fact that the compromised data was actually being stored unencrypted on state-run servers, despite the fact it contained extremely sensitive tax information going back multiple years.

What this means for you:

Unless you are a resident of South Carolina or your business has filed taxes in that state, this particular event probably won’t impact you directly. However, it does serve to highlight that governments, like many businesses, fail to take security as seriously as they should, often under-spending on security or even ignoring potential threats. If you work with customer data that might be considered sensitive, are you doing enough to make sure that data is kept safe, not only from hackers, but from loss due to physical device theft, and damage from things like wildfires, floods, earthquakes or even a spilled cup of coffee? Most business won’t be able to prevent a determined hacker from penetrating their defenses, but they can make sure that sensitive data is stored properly (or not at all!) to minimize the collateral damage.

Hackingidentity theftsecuritysocial security numberssouth carolinataxpayers
  • 23
  • 24
  • 25
  • 26
  • 27

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP