POODLE.
Time to Stop Using IE6

If anyone out there is still using Microsoft’s IE6 browser, this week adds another reason it’s time to upgrade: POODLE (or Padding Oracle On Downgraded Legacy Encryption). Now that’s a mouthful. It is the most recent vulnerability discovered by some engineers at Google. The issue revolves around an older SSL encryption protocol (SSL 3.0) and the way data is sent using this protocol.

While the SSL 3.0 technology is 15 years old, some who use older browsers (most especially those who somehow are still using IE6) are vulnerable to this issue.

The answer is simple, especially with software that deals with the Internet: be sure you stay as close to the most current release of your software (browsers especially) as you can. Security engineers are constantly at work looking for and providing fixes for vulnerabilities that can lead to hackers gaining control of your computers and/or your data. When they find an issue, the engineers release patches for their software. But if you never upgrade or install these patches, you are leaving yourself open to attack.

It might be a pain at times, but staying current with your computer software is vital these days…

Keep your private data private.

A quick thought: If you don’t want sensitive information/photos/etc. taken from you, don’t put that information up on the web (or keep it sitting on your smartphones). While so many tech companies will bend over backwards to tell you how safe your information is “in the cloud” and/or “on their servers”, the simple truth is, nothing is 100% safe if it is connected to the web.

So if you need to take racy photos of yourself or your significant other, and don’t want them to appear all over the net, use something old school like this: a Polaroid camera :)

It’s a quick one!

Two Tips for Today:

1) If you have a password that is an actual word (or is all letters), CHANGE IT NOW.  Using what are called brute force (dictionary) attacks, a hacker can “guess” your password in seconds!

A client of ours this week had their password “guessed”, and in just a few hours the hackers/spammers sent out over 20,000 emails using our client’s email account! The result? Our client, along with the entire email server, was labeled by Verizon, Comcast, AOL (and other services) as a spammer. It not only caused problems for that client, it affected hundreds of other clients as well.

Change your password!  Use odd characters, capital letters and numbers.  And don’t use the same password for multiple websites. A password takes about a minute to change, but could save you HOURS of frustration.

2) If you get strange emails from your friend who has an AOL email address (or yahoo or another free email service), with weird web links in that email, your friend’s AOL account was broken into and hackers/spammers are using that account to send spam.  Contact your friend immediately and tell them to change their AOL password ASAP.

OH and if you are using AOL for business email, call us today and we will get you set up with your own company email and help bring your business into the 21st Century! If you use AOL, you have no idea how many emails you might not be getting from your customers, clients, prospects and/or leads… In this economy, it’s not worth the risk to use AOL for business.

 

Identity Theft Is Easy

I was watching the Today Show this morning and they had a short piece on NYC’s implementation of free wireless in many of the subway stations in the city. Free Wi-Fi can be found at many businesses today (many food chains are now offering it to their customers: Starbucks, Dunkin Donuts, etc…) and it is often a great convenience to people who are out and about with their iPads and/or their smartphones. But with this simplicity comes responsibility.

What the majority of WiFi users do not realize is just how EASY it is for a hacker to grab your signal “out of the air” and analyze it on their laptops almost instantaneously, as you are browsing the web.  So what does this mean?  Well if you are checking your emails and are not using a secured connection, bingo!  The hacker now has your email address and password.  If you are logging into a small ecommerce site to check the status of your order and it is unencrypted, guess what?  They now have your username and password to that site.  AND if you are placing a new order and entering in your credit card on an unencrypted connection… well I think you know…

There are two tools to help you protect yourself and your data. First, when using Wi-Fi connections to connect to your work or to your home computers, if it’s possible, look to set up a VPN (virtual private network) to make your connections. So as not to get too technical, think of a VPN as a special tunnel on the Internet where only your data can move through – if anyone should try to intercept your data “out of the air”, all they will see are random characters and numbers; basically gibberish.

For those of you that may not have the means to set up/maintain a VPN, the second tool is to make sure your sensitive data connections are using SSL (Secure Sockets Layer) protection. In your browser the website address should read https://www.mysite.com versus a non-encrypted site address of http://www.mysite.com (which does not have the “s” in the http).

This goes for your email servers as well.  If you are unsure, definitely ask someone to check it out for you, to make sure your email server is using SSL or TLS.

As a final note, to give you a quick example, below is a free utility that anyone can download from Microsoft and use. While it isn’t exactly a tool a hacker would use to sniff Wi-Fi connections, it does show you how easy these utilities make it to read sensitive information. The first screenshot shows a user logging into an unencrypted website via FTP (notice the username and password shown). The second screenshot shows an encrypted connection using SSL.

All that was needed to see the information going across the net via Wi-Fi was to press the Start button on the software. That’s it.

Be wise. Be safe.

[Screenshots: No encryption for Wi-Fi; Encrypted connection across Wi-Fi]

Online Safety – think about this long and hard…

Are you overwhelmed with usernames and passwords for all the websites and apps you use? OR worse, do you use the SAME password for everything?

Do you think you are safe, that no one would want your information?
Think again.

If you are part of the “one password group” you really need to consider changing that practice ASAP. If you don’t, and your single password should somehow be compromised or stolen, someone can very easily take over your online life (and possibly even your life offline!). But how do you keep track of all your usernames and passwords? If you write them down on paper, what happens if that paper is lost or stolen?

Well let me tell you about a FREE little utility I have used for the past 5 years. It is called Password Safe. It allows you to create as many accounts and passwords as you need. It also allows you to group those passwords into categories (home, work, financial, etc…). Some people even use it to store offline information such as bank account numbers, entry passcodes, credit card numbers, you name it. Oh, did I mention that it is free? And instead of having to remember ALL your different usernames and passwords, you simply need to remember just the one.

OK, so now all your information is stored in this password safe, what if that program is broken into? Well that is where I advise you to create your own pass-phrase for your program. Unlike a password that is normally 6 to 8 characters, a pass-phrase is normally 10, 15 or even 20 characters. It could be a line from a favorite song with a slight twist; you want to replace some letters in the phrase with odd characters that only make sense to you.

So for instance, the following song line: “If we weren’t all crazy we would go insane”, could become the pass-phrase “If w@ w@r@nt *ll cr*zee we wood go inS*ne”… At first glance, pass-phrases look difficult to memorize, but they really aren’t; especially if you are using it daily. The best part is that while an 8 character password can be broken quite easily with today’s fast computers, a strong pass-phrase might take months to decode using a computer and a brute force attack.

So today’s quick tip, try Password Safe (by the way did I mention, it’s free!)…
And no matter what, think hard about upgrading to pass-phrases instead of passwords.

To get Password Safe, click here (it’s free)

 

 

Holiday eShopping is here: Don’t get scammed!

Follow these 3 Steps to protect yourself!

Today I almost clicked on an email that was most definitely a spam/scam message. The email looked that legit to me (and I definitely should know better). Only after taking a few seconds and remembering these three easy steps did I catch myself before it was too late.

First some vital information: Many of the spam emails you receive are sent for one reason, to get you to click on any of the links contained in the email. Once you click on a link, your web browser will open and there is a good chance your browser/computer could be infected with a virus or some sort of malware.  But there is more… You could be sent to a website that looks JUST like a real company’s site, and once there, you may innocently proceed to type in your user-name and password to login to your account.

But Guess what?
You just gave your real account information directly to a hacker. 

The site you were sent to was in fact a bogus website, and when you logged into your account, you sent your information off to the hacker.  What is even more frightening is that some hackers are so skilled, they can grab your real user-name and password you just typed, save that information to their own computers, then incredibly, log you into the legitimate company’s website! (all within a second or two)

Now you are truly logged into www.Amazon.com, BUT you gave away your user-name and password information to the hacker, and you don’t even know you did so!

So before we even get to these 3 quick steps, know that the goal of most spam email is to get you to “click”. That means whatever you do, do NOT click unless you are VERY sure about the email message; even if the email appears to come from someone you know (or a company you trust, like Amazon, the example shown below).

Now without further delay, here are your three quick steps:


Step 1:

Roll your mouse over any link in the suspected email message.

Step 2:
At the bottom of your email window, you “should” see the URL address (the website) that link represents.  If the URL does NOT contain the main company web address that seems to have sent this email, do NOT click on any of the links in the email. For instance, the example here appears to have been sent by Amazon, stating that I placed an order – which of course I did not place. The plan is to get me excited and worried enough to want to immediately find out if someone broke into my account, by clicking on a link. **

Step 3:
If you are still worried that someone has broken into your account, simply open up your browser, type in the company’s address (www.amazon.com) and login to your account like you always do. Then look up your orders.

In fire rescue they say: Stop, Drop and Roll

With email rescue let’s say: Stop, Think, and DON’T CLICK

** If your email reader does not display the URL at the bottom of your screen, then you can try right-clicking the link (which will NOT open your browser but will open a small pop-up menu). From that menu choose “copy link location” and then right-click into a word processing program and choose to “paste”.  That will show you the link’s URL without it opening up your browser.

6 Quick Tips To Keep Your Computer Safe

Not a week goes by without at least one client/friend/family member asking how to steer clear of viruses on the net.

So here are some quick tips (for Windows users):

  1. Antivirus Software.  Get it, install it and maintain it.  Our favorite is Norton Internet Security, but even the free antivirus programs will work.
     
  2. When browsing the Internet, use Firefox, Chrome or Safari for Windows as your browser.  Microsoft’s IE (Internet Explorer) is simply too tied to the operating system (Microsoft Windows XP, Vista, 7, 8) of the computer and has too many weaknesses. Our favorite: Firefox.
     
  3. For Windows Vista and later versions, don’t use the default administrator account as your regular user’s account.  Create a new regular user and use that account.  This helps prevent unwanted software/viruses/malware from being installed on your computer without your knowledge.
     
  4. Get to know Windows System Restore.
     
  5. Back-Up your data. Just do it.
     
  6. Oh and did we mention to back-up your data?  AND back-up to ANOTHER computer or DVD or USB Key or portable hard-drive.  If your computer crashes and your only back-ups are on that computer, you are up the river without a paddle.

PS: While Apple products and Linux operating systems aren’t as big a target as Windows, hackers are getting more and more skilled each and every day. So whatever you use to browse the web (computer, iPad, iPhone, Android phone, etc…), please back-up your data.

Is your website vulnerable?


Was your website built over 2 years ago? Have any coding changes been made to it since then? Do you allow visitors to submit information to you via your website, and/or make purchases, or send you any sort of sensitive data? Do you have an administrative area on your site?

We know, a lot of questions… But there is a very good reason. If you answered “yes” to any of those questions, your website might be in danger. Over the past year hackers have dramatically increased their attempts to break in to both large AND small websites (in today’s business environment, not a week goes by where there isn’t some story about a security breach related to data technology).

Internet years are even greater than dog years and because of that we all need to be extra vigilant with our own security features and functionality, to ensure the safety of everyone who visits our websites or uses our custom software applications.

At Emaxed we offer our clients a Security Audit and Remediation Engagement to help. While our audits are not on the level of the FBI or CIA, they do provide a good cost/benefit approach for our clients’ small to medium size websites.

If your web service provider does not offer a similar service, give us a call (856-428-8038) to discuss. We would love to help.

No matter what, do not put security off until tomorrow; it just might be too late.