Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Cloudy with a Chance of Outages

  • 0
admin
Tuesday, 30 October 2012 / Published in Woo on Tech
ID-10054234.jpg

On October 26 of last week, a number of popular, “cloud-based” services suffered multi-hour interruptions. Among the outages was Google’s App Engine, a platform that is used by thousands of other websites and internet platforms including one of my favorites, Passpack.com. Some of your favorites may have been impacted as well: Dropbox, Tumblr and even YouTube were affected. For many, this was a non-event, particularly those who operate and compute within enterprise-based platforms, or rely solely on the desktop and storage of their own computers. C2 Technology relies heavily on cloud-based services, primarily Google products, for our core information systems, and I use Passpack to track the multitude of passwords I need to do my work.  So when those outages hit on the 26th, I found myself unable to access the keys to my various digital kingdoms, and felt very much like someone who finds themselves locked out of their car, and at the mercy of another person’s timetable. In this particular case, Passpack.com wasn’t even to blame, as their own reliance on Google’s App Engine service hamstrung their ability to deliver service to their customers, and the fine engineers at Google themselves were struggling with the outage. Everyone’s brand took a hit, and yet there was no one any one of us could blame for the outage – not even a radical hackivist group looking to ruin someone’s day for political currency.

What this means for you:

Very simply, “Never put all your eggs into one basket.” This homily, however pastoral-seeming, still very much applies to how you should use technology, especially when it comes to your core business processes. As an illustration of how this can be bad: I was using Passpack to store my Gmail password, which was complicated and impossible to remember, and instead relying on a complicated, but easier-to-remember passphrase to access Passpack to retrieve that password whenever I needed it. When Passpack went down, so did my ability to access Gmail and all of my client contact information. The lesson to take away from this: if you are going to store critical information online, have a back-up plan for continuing to operate without access to that information. Either back-it up locally (fraught with its own set of risks), or compartmentalize parts of your operations so that they aren’t heavily reliant on a single service provider, or the presence of the internet.

Image courtesy of “vichie81” / FreeDigitalPhotos.net

clouddropboxGoogleoutagespasspacksecuritytumblryoutube

Phishers Target Intuit Users

  • 0
admin
Tuesday, 23 October 2012 / Published in Woo on Tech
Intuit Logo

Now that the public’s overall awareness of phishing is much greater, getting people to click phony links in an email isn’t as easy as it used to be. However, phishers, now motivated (and possibly funded) by organized criminal elements, are investing more time in actually fooling people, producing very authentic-looking emails intended for audiences with accounts worth compromising, such as the ones that control payroll or bank accounts for small companies. A recent phishing campaign dissected by Webroot details a focused targeting of Intuit’s popular Quickbooks platform. Using a combination of scare tactics, actual Intuit branding and realistic-sounding text, actual Quickbooks users may be lulled into a false sense of security and click through to malware-laden sites which quickly compromise their computers.

What this means for you:

Whenever you receive a request from a known service provider via email, always, ALWAYS! check the integrity of the links they ask you to click, especially if the communication wasn’t expected. How do you check the links in an email? Read my previous post “Ransomware Virus Targets Skype Users” for details on how to check if the links are valid. Even if the email seems to be legitimate, skip clicking the links altogether and go straight the the website in question by typing in the URL yourself, or pick up the phone to call the company. Your computer and financial security are worth a few more minutes and keystrokes!

emailintuitmalwarephishingsecurityspear phishinwebroot

Spear-Phishing Effectiveness on the Rise

  • 0
admin
Thursday, 11 October 2012 / Published in Woo on Tech
Spear-phishing

Security analysts are uncovering a troubling rise in sophistication and cunning in targeted phishing attempts – also known as “spear phishing” – where attackers are actually adapting their tactics to exploit weaknesses revealed in common business worker behavior. Most obvious and easy to exploit is the fact that many businesses “shut down” on Fridays, and most workers, including corporate IT, disengage from the job and stop reading emails. Attackers savvy to this behavior trend send out the usual phishing emails with URL’s that are actually clean at the time of delivery, allowing them to arrive in user inboxes unmolested by corporate malware detection platforms. The attacker bides his time and waits to compromise the websites that were linked in the phishing emails until the last moment, say early Monday morning, hopefully just before users start to read the email that arrived over the weekend. Because the email managed to make it past corporate filters, the user wrongly assumes it’s safe, clicks the URL and his or her computer is then compromised through the usual malware attacks.

What this means for you:

Phishing emails are becoming increasingly harder to distinguish from the real thing, and it takes a trained eye to spot the best fakes. The most common phishing tactics are to email you about the following:

  1. Your account has been accessed by a third party
  2. (Bank Name) Internet Banking Customer Service Message
  3. Security Measures
  4. Verify your activity
  5. Account security Notification

When you receive an email like the above, and it appears to have come from a company or institution with which you work, examine the source of the email carefully to make sure the links actually go where they say they go. (See our previous news item Ransomware Targets Skype Users for more tips on how to tell if an email is legitimate or not.) If there’s any doubt at all, don’t use the links provided, but type them in or use a bookmark you created to ensure you are going to the proper website, or call a known, publicly-available phone number for the company to verify the request with a real human.

Image courtesy of David Castillo Dominici / FreeDigitalPhotos.net

emailhackersscamsecurityspear phishingvirus

US Congress: Chinese Firms Possible Security Threat

  • 0
admin
Tuesday, 09 October 2012 / Published in Woo on Tech
Huawei logo

In a House Intelligence committee report released on Monday, Oct 8, 2012, US lawmakers cite security concerns with Chinese electronics manufacturing firms Huawei and ZTE. Though neither could be considered a brand recognizable in the US, both firms manufacture electronics that are used to power telecommunication devices all over the world. Though no overt wrongdoing was detected in the 9-month investigation, the report notes that the firms refused to fully cooperate with the investigation. The Chinese government is known to have a heavy hand in directing operations and even strategy for Chinese businesses, mostly to ensure tight control over national security, so it’s no wonder investigators may have encountered resistance from the companies.

What this means for you:

Independent, industry-led investigations have not found any evidence that equipment utilizing parts manufactured by either company have purposefully included security defects or “backdoors” that may have been mandated by the Chinese government as a possible means to infiltrate other countries’ data networks, though vulnerabilities have been found in older Huawei routers. Similar defects have been found in Cisco routers (an American company) which lends credence that the vulnerabilities were not state-sponsored “backdoors”, but instead a product of ongoing security research and development. The intelligence report seems to be more politically minded as opposed to highlighting a clear and present danger, focusing on “what-if” scenarios given China’s heavy-handed government, and fails to note that Chinese (or any other nationality) hackers don’t need an easy-to-detect backdoor to hack American business interests.

backdoorChinacongresshuaweiintelligence committeepoliticssecuritythreatzte

Ransom-ware Virus Targets Skype Users

  • 0
admin
Tuesday, 09 October 2012 / Published in Woo on Tech
ID-10071870.jpg

A new variant of the Dorkbot Worm that plagued Facebook users in late 2011 has resurfaced via emails sent to Skype users with the message reading “Lol is this your new profile pic?” The email also has a zipped attachment that contains an executable titled “skype_[today’s date]_image.exe” hoping to fool careless Skype users into thinking that the attached file is an update to their Skype software, or more foolishly somehow the above referenced profile picture. Instead, it “zombifies” the computer and, in a new twist, also installs a “Ransom-ware” form of malware which encrypts the user’s data and threatens to delete it unless a payment of $200 is made within 24-48 hours.

What this means for you:

Even if you are running the most recent and most powerful anti-virus and anti-malware software on your machine, it’s still possible for your computer to become compromised merely because you “opened the door” by purposefully running the unindentified executable. There is nothing that can prevent your computer being compromised in these types of situations except constant vigilance. Here’s what you should be watching for:

  • Do you even know the sender? Do they normally email you out of the blue with an attachment? Obviously, attachments from strangers is a huge red flag!
  • Is the email you’ve received characteristic of the sender? Does it have unusual spellings (or misspellings), capitalization, punctuation? Is the subject matter something you would normally discuss via email?
  • Is the attachment something you were expecting, or at minimum, something you recognize? Is it normal for the sender to be sending you a file in this manner?
  • If the email includes links, do the links actually go to where they say they do? For example, look at this link I made to google.com (which actually goes to bing.com). See how easy it is to fake a URL? Use your email program’s “View Source” option to check suspicious links.
  • If you want to be certain, contact the sender via another means – phone, SMS, in-person – (their email account may be compromised) to verify they actually sent you a safe attachment.

 

Image courtesy of Victor Habbick / FreeDigitalPhotos.net

attachmentsconstant vigilancedorkbot wormemailmalwareransom waresecurityskypevirus

Recent Bank Website Attacks Were Sophisticated

  • 0
admin
Wednesday, 03 October 2012 / Published in Woo on Tech
ID-10094225.jpg

Several prominent multinational banks suffered website and online banking service disruptions over the previous two weeks as the result of focused and highly sophisticated cyber attacks. Apparently led by Middle-Eastern “Hackivists” groups in response to the “Innocence of Muslims” YouTube video controversy, researchers have indicated that unlike attacks seen in previous years, this series of attacks were well planned, highly organized and of sufficient force to have even taken down hardened and secure telecom companies who are well-versed in handling the Denial of Service attacks that are typically experienced. In these most recent attacks, the hacktivists used zombified user PC’s as well as thousands of compromised webservers to shut down bank websites for hours, and sometimes days at a time.

What this means for you:

Zombified PC’s are no good to their handlers if they are detected and sanitized before they can be “rented” out, and as such, the most effective malware infection is often one that exists quietly on your technology until it is called into service. Obviously, this could result in your computers or servers, previously well-behaved and performing normally, suddenly acting up and running slowly, usually at the most inconvenient time for you and your business. Always make sure your anti-malware software is installed, updated and working properly.

Keep in mind that it’s even possible for website engines to become compromised and used as a zombie. Unless you tend to your site regularly, it’s possible for it to become compromised without you even noticing – that is until a customer visits your website, notices something wrong, and takes the time to report it to you instead of moving on to something else. Not sure if your computers or servers are secure? Give C2 a call and let us put your mind (and business) at ease!

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

banksbotnetcyber attackdenial of serviceHackinghackivistsmalwaresecurityzombies

New California Law Keeps Your Facebook (Slightly More) Private

  • 0
admin
Friday, 28 September 2012 / Published in Woo on Tech
Facebook Logo

The state of California just signed into law a ban on employers and universities requiring employees and applicants grant them access to their social media accounts (e.g. Facebook or Twitter). As surprising as this may seem, this was actually a thing for awhile. That is, until the internet started a ferocious publicity storm and names were named. Even still, the practice has been common enough to galvanize California lawmakers to take matters into their own hands and pass a law that in effect orders companies and universities to stop being so creepy.

What this means for you:

As of January 1, 2013, it will be illegal for you to ask your employees or applicants for access to their personal social media accounts, which will include things like Facebook, Twitter, MySpace, etc. Keep in mind, many people already openly share many aspects of their personal life (sometimes unintentionally!). As an applicant, even before it becomes an actual law, don’t let an institution or organization bully/intimidate you into this degrading invasion of your privacy.

As a business owner, employer or educator, this area is still very grey, and proper legislation is far from being clearly defined, especially as the boundaries between employees’ professional and personal lives are blurred by increasingly permissive/flexible business cultures. Remember the days when Facebook was banned at the office? Aside from the fears about wasted productivity, there were (and still are) very valid underlying concerns of mixing personal (and possibly very unprofessional) activities with business/educational pursuits. If in doubt, ask your HR representative, and check your conscience.

 

applicantsfacebookinvasion of privacylegislationpersonal lifeprivacysecurityuniversities

Another Day, Another Zero-day Vulnerability

  • 0
admin
Wednesday, 26 September 2012 / Published in Woo on Tech
Java logo

Threatpost has reported on a new zero-day vulnerability that is affecting the Oracle Java plugin used in all popular web browsers, and this time, all operating systems, including Apple’s OS X which is typically excluded from most security exploits. So far, the white hats are ahead of the game on this one, having detected and then demonstrated the hack to Oracle in a “proof of concept” as opposed to discovering malware in the wild exploiting the security hole. In case you missed it, Oracle experienced a similar situation not less than a month ago with Java 7, so it’s likely there are more holes waiting to be discovered.

What this means for you:

This is a fairly significant vulnerability according to the folks that discovered it, as it affects multiple version of Java, including the most recent version 7 release, and multiple operating systems. However, it does not appear to be widely exploited yet, giving Oracle time to patch it up before malware writers can disperse malware to take advantage of this hole. According to Oracle, Java is in use on billions of devices, so if they were to ignore this vulnerability, there could be serious repercussions. If Oracle drags its feet on releasing a patch, you may want to consider disabling the Java plugin in your browser, or uninstalling it altogether. Before you do that, make sure you don’t rely on Java for any critical business applications – you may be surprised to find out just how often you use Java without knowing it!

exploitjavasecurityzero day

Make Yourself Less Hackable

  • 1
admin
Tuesday, 25 September 2012 / Published in Woo on Tech
ID-10028974.jpg

Either stop what you are doing and read this article from PC World, or mark it for later and keep reading this story, because this may be the most important thing you do this month. 

Easily searchable personal information available on the web plus easy-to-guess passwords can lead to identity theft. Not worried about that? You should be. It’s a problem that won’t be going away anytime soon, and it won’t just affect your personal life – it can impact your business as well. Keep in mind that being targeted by a hacker versus getting infected by malware are two very different levels of danger. A direct hacking attempt is focused and presents a very clear threat to you, your loved ones and your business.

What this means for you:

Google yourself. Try various combinations of your name (including former names if appropriate). Now try your family members. Look for data that you might consider sensitive: age, birthdate, address, names of financial institutions, work or home addresses, and most importantly look for anything that you’ve used as a password. Don’t freak out! Google doesn’t know you that your dog’s name is your favorite password, but a clever hacker might figure it out just by guessing.

If you’ve sufficiently worried yourself, here’s what you need to do to harden your personal security profile:

  • Use longer passwords (8 or more characters) that are not easily guessable. That means you need to stop using your Mom’s birthday, your cat’s name, etc. Mix it up with numbers and punctuation. Hackers can crack a 5-digit/letter password in a single hour just by brute force. If you want to be really safe, use a Passphrase.
  • Don’t use the same password/passphrase on your important accounts, like Banks, email, data encryption, etc.
  • Search your email (especially if it’s cloud-based like Gmail or Hotmail) for any emails that contain passwords, delete those emails immediately. Delete any emails that list account/login names for important accounts. Do this even if the information is no longer valid – hackers can use the info to make better guesses about active account names and passwords.
  • Check your privacy settings for any social networking accounts you use (or have used in the past). If you don’t understand how they work, learn how they work or remove your account if you can’t/won’t take the time. This includes Facebook, G Plus, Pinterest, Yelp, etc. Anywhere you’ve typed in personal information about yourself may be a potential leak you didn’t know you needed to plug.

In the end, if you are able to make yourself even incrementally harder to hack than someone else, hackers are more likely to move on to easier targets. Obviously, if you need help hardening your personal or business security profile, don’t hesitate to give us a call!

Image: FreeDigitalPhotos.net

hackersHackingpassphrasepasswordspersonal informationsecurity

Startup Bromium Imagines a World Without Malware

  • 0
admin
Thursday, 20 September 2012 / Published in Woo on Tech
Bromium Logo

Bromium, a new startup by the same braintrust that founded Xen – a popular virtualization platform now owned by industry giant Citrix – is promising their new product, “vSentry” will return computer users to the heady days of pre-virus computing. The basic idea behind this product is basically a combination of virtualization and hardware/software compartmentalization that creates agents called “microvisors” that act as a disposable “mini-computer” that are fired up to do things like read email, surf the web, play games, etc. and are then discarded completely once you have finished with that task. Conceptually, if, during the course of that task, the microvisor was attacked and infected by malware, the malicious code would end up going nowhere in the end, as the agent was dismissed from use. Think of the microvisor as a pair of impermeable, disposable gloves, tossed into the waste bin after every use, without the landfill aftermath. 

What this means for you:

Based upon what I could tell, the product is still in the very early stages, and not yet readily available to the average computer user. It’s nice to imagine an internet where you can open an email from a friend, click a strange attachment and not worry about utterly destroying your computer. Even with the best-in-industry anti-malware software installed on your computer, the weakest link is still the operator at the keyboard. Until this product becomes a reality, and gets installed on every computer, vigilance is still your best defense against the wild internet. Always make sure your anti-malware software is installed, updated and WORKING. Always back up your data, and make sure those back ups are good. And if you are ever in doubt about your computer’s security, give us a call!

anti-malwarebromiumcitrixinfectionsmalwaresecurityvirtualizationvsentryxen
  • 24
  • 25
  • 26
  • 27

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP