remote-support

Home

Digitalwelcomemat industry news, PC hints, IT tips and more

Passwords should be unique

"Take some time to think about the quality and diversity of your online
passwords would all your online accounts fall domino fashion if one was
breached?"

I'm reposting this article from October 2013 even more relevant today than then... 

The recent Adobe hacker-fest has again brought up the subject of passwords so here is my recommendation... 

There are a full set of password rules and suggestions that are already widely recognised as being crucial for online security, see here for a great article: http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords that pretty much says it all. 

However, particularly relevant for now, you need to ensure that your passwords are always different from each other, if your Adobe password has been compromised you don't want that same password to have been used for your banking. 

Take some time to think about the quality and diversity of your online passwords would all your online accounts fall domino fashion if one was breached? 

If you're having difficulty in tracking all those passwords consider a password manager, there are a number of different product options. I use https://lastpass.com/ which is available in a free version or paid if you want the smartphone apps as well ($12 per year).

  6039 Hits
  0 Comments
Tags:
6039 Hits
0 Comments

Australia post malware emails

Beware the current run of Australia post malware emails, see below (this one is not really from Australia post). Remember to hover over the link in Outlook with your mouse before you click, in the screen shot below the link goes to a Russian web site: I expect is some sort of ransomware. Click on the link below to see the full post...

  5751 Hits
  0 Comments
Tags:
5751 Hits
0 Comments

Bad email reminder

See the following emails below sent on to me this morning which look legit at first glance. A good reminder to be careful what you click on,  see the link on the bottom one points off to a file stored on the sugarsync service. I don't know what this file does but I'm guessing that its not a great idea to find out unless you want the rest of the day (or week) off work.

Well spotted.

BadEmail1

BadEmail2

  7165 Hits
  0 Comments
Tags:
7165 Hits
0 Comments

Infringement notice bogus email.

See the email below, this initially had the correct office of state revenue logo which made it look fairly authentic, this is actually a bogus email and clicking on this link would most probably lead to trouble.

One quick "first" check you can do is to hover your mouse over the link (assuming you are on a device that has a mouse) as you can see by the image below its pointing off to a web site quality assignment something...

 

Infringement-Notice

  8030 Hits
  2 Comments
Tags:
Recent Comments
Guest — The Varls
I have been the subject of 3 infringement notices at once and foolishly clicked to see the image. I now find all my important wor... Read More
Tuesday, 18 November 2014 12:28
digitalwelcomemat
More info (not a fix sorry just more prevention warning): https://nakedsecurity.sophos.com/2014/11/03/gatso-speed-camera-phish-lea... Read More
Thursday, 04 December 2014 19:37
8030 Hits
2 Comments

What's not a backup?

Just a hint, a backup drive with all the files on is not a backup those backup drives are more susceptible to failure than the actual internal laptop hard or desktop hard drives.

A backup needs to be a second copy of the data.

BackupDriveFailed

  8989 Hits
  0 Comments
Tags:
8989 Hits
0 Comments

Crypto locker ransomware *BE CAREFULL*

I have had an instance of Crypto locker ransomware today on a client's site, would have been catastrophic if proper backup and disaster recovery practices had not been in place.

Be careful what emails you open, and certainly don't click on any links or open any email attachment files from suspect emails or unexpected emails from organisations such as:

Australia post
Any of the big banks
DHL
Fedex
ATO
Plus others.

Because Crypto locker isn't a virus as such it won't be detected by most antivirus software. This being the case you need to use care in evaluating the legitimacy of any email. Things to look out for are poorly formatted emails, spelling mistakes etc you can also hover your mouse over any links in outlook and get a popup "tip" of where those links point to.

If in doubt call me before opening, viewing clicking or downloading.

  7572 Hits
  0 Comments
Tags:
7572 Hits
0 Comments

All my business users want to install [insert software name here]

"All my business users want to install [insert name here] software should I just let them do that."

Firstly you are probably only getting this question because the users can't actually do the install otherwise they would have already done it (most likely). Normal users should not be administrators on their business PC's so that they can't just install whoever software they want and effect the integrity of their nice clean windows install and windows profiles.

Adding to the base windows system setup adds more software to maintain and one more possibility for system compromise or data leakage. For example is a user wants to install dropbox think through the implications of this?

If sensitive business files are going up on drop box is that OK company policy wise?

  • Who are they being shared with?
  • What if that person leaves or is terminated?
  • Is it OK legislatively to store these files offshore (based on Australian privacy law).

There is also the productivity aspect as well obviously software not required for business usage isn't typically installed on a business PC.

Now I know this can get a bit sensitive staff wise especially if you have demoted people from what they were used to and it possibly sounds over the top but I need to give you an idea about "best-practice".

My opinion is that "best practice" dictates a process whereby the user puts forward the "use-case" for whatever software they would like beyond the standard setup to their manager and then if approved at that level it its run that by IT support and finally someone either installs the software (depending on the software) or just enters the administrator password for that user to allow them access for a one time install, sounds like a big deal but should only take 5 or 10 mins to approve a well-known bit of software if it's a good fit.

Alternatively if you really need to you could just give a certain user (and an accounts person is a good example of someone who needs specialised software see my other blog about MYOB) varying degrees of administrative permissions on their computer so that they can do what they need to.

However you need to consider the implications of that, for example even though the manager/director/CEO has the highest level of authority in the organisation and has the administrator passwords anyway they should still not be an administrator on their own PC for safety reasons (malicious software, virus, social engineering etc.).

I know its a lot to think about but its a "plan now or pay later" thing.

  6634 Hits
  0 Comments
6634 Hits
0 Comments

Verify your MS account?

Microsoft appears to have recently updated its security policy's for multifactor authentication and is now forcing you to "verify" which essentially requires you to add a mobile phone number to your Microsoft account then enter the code that has been sent to you via SMS.

This has been a "feature" for added security for quite a while but just this morning I have had three outlook.com/hotmail.com/live.com email accounts that have been unable to send email until "verified". Ultimately it's good to have better security (after all you wouldn't want them to be careless an expose your personal photos and information out on the net right?). This will reduce the amount of spam out there as well but it does impose a 5 minute interruption on you.

As always keep your wits about you when handling this type of request.

Here are some notifications I have received:

OutlookVerify

 

OutlookVerify2

  6369 Hits
  0 Comments
Tags:
6369 Hits
0 Comments

Don't be an admin on your own PC

Running Windows as a standard user rather than with 'admin' rights removes over 90 percent of the risk" according to a recent study. (yes I know I have been going on about this for years):

Check to see if you are an administrator on your PC by right clicking on "My Computer" or "Computer" or "This PC" (depending on your Windows version) and chose manage.

  • If you are able to access the Windows computer management console (with or without a warning popup) then you ARE an administrator and you might want to consider changing that.
  • If you are prompted for a username and password then you aren't an administrator and are a lot safer from malicious software.

This is especially important for home users or less computer savvy users.

Current versions of windows have made running as a non-admin for everyday access a lot easier. When you are installing software or a new printer most of the time you can just enter the administrator credentials when prompted to do so and it doesn't hugely get in the way of getting things done.

If you are running as just a lowly "user" on your own PC and you open an email or browse the web and see the administrator popup then you know there is something wrong because these things should require admin access.

At that point you can pause to consider if entering administrator credentials would be a good thing or not.

 

  7238 Hits
  0 Comments
7238 Hits
0 Comments

Telstra or Microsoft phone call scam

Scam-AlertIf someone calls up purporting to be from Telstra or Microsoft (or anyone really) and offering to fix your computer please don't let them remotely access your PC and "fix" it for you. I know that sounds obvious but they play the numbers game in saying that they are aware that you are having issues with your PC or internet connection. Inevitably some of the people they will call at any given time will, in fact, be having issues just based on probability.

Having just fixed one of these issues in the last 24 hours I can assure you it's a significant and unnecessary expense to reverse their "fix", get your data back and restore your computer to a working state.

If anyone calls you offering to fix your PC I suggest you just politely decline and hang up on them, also be prepared that they will probably persist.

Also seriously consider NOT being an administrator on your own PC and instead have a separate administrator account. Also, never store banking, credit card details on your PC just in an unencrypted document.

 

  6633 Hits
  0 Comments
Tags:
6633 Hits
0 Comments

Whats a botnet?

Sometimes in IT things are hard to explain and when I get a good short explanation its sometimes worth sharing. This is from the Sophos antivirus guys:

[A botnet is a collection of] malware-infected computers, individually referred to as bots or zombies, that can be controlled remotely by criminals known as bot-herders or botmasters.

As well as stealing information such as banking passwords from each computer in the botnet, the crooks can also send commands to all the computers in the botnet at the same time, essentially giving them a huge distributed "network cloud" of computing resources.

Botnets can therefore be used to send massive quantities of spam (including spam runs containing email attachments with more malware), to clock up huge numbers of fraudulent but legitimate-looking ad clicks, to carry out online attacks, and more.

Attacks of this sort are hard to block because they originate simultaneously from thousands of innocent-looking computers, so there isn't a single, obvious source of criminality.

http://nakedsecurity.sophos.com/2014/07/13/gameover-malware-returns-from-the-dead/

Botnet

  6627 Hits
  0 Comments
Tags:
6627 Hits
0 Comments

Ebay hack reported, 128 million active users compromised

Ebay hack reported, 128 million active users account details globally compromised in Feb - March and they are only telling us now, thanks for that.

Do you have unique passwords for each of your online services? Consider yourself warned.

Here are some further details:

http://www.theverge.com/2014/5/21/5737914/ebay-will-ask-all-customers-to-change-passwords-after-massive-breach
https://au.finance.yahoo.com/news/massive-breach-ebay-urges-password-105845341.html
http://mashable.com/2014/05/21/ebay-breach-ramifications/

Excerpt:
..."For the time being, we cannot comment on the specific number of accounts impacted," said Ms Ramirez.

"However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords."

Potentially affecting eBay's 128 million active users globally, the attack could be one of the largest affecting a retailer.

It comes after retail giant Target disclosed a security breach which could affect more than 100 million customers....

  7047 Hits
  0 Comments
Tags:
7047 Hits
0 Comments

Backup plan in place for your personal files at home

Do you have a backup plan in place for your personal files at home.

I have had a look around today and confirmed that, in my opinion, the best on-line backup is still Crashplan: https://www.code42.com/store/

For one PC its $AU69.30 per year for unlimited data and it backs up continuously and automatically across the internet. All the data is transmitted and stored in an insanely high level of encryption on their servers.

A family plan is $165 which backs up to 10 computers if you have three or more PC's that's a good deal.

There are a few tricks for setting things up initially then there is a one time backup that copies all your data which may take a few days to complete but after that its pretty much set and forget and you get an email every now and then just letting you know that everything is going along OK.

Just be aware this won't work on a server (for business) its PC only.

If you want to work out how long the initial backup will take go here and run the test provided by another on-line storage provider: http://www.backblaze.com/speedtest/

Crashplan-logo

  8117 Hits
  0 Comments
Tags:
8117 Hits
0 Comments

Heartbleed vulnerability

heartbleed3Here is a roundup of the easiest to understand information about the heartbleed vulnerability, read these and you should have a pretty fair idea of the lay of the land.

I have told many of you before but best practice recommendation is NOT TO DUPLICATE PASSWORDS each service should have a unique, strong password that won't fall over domino fashion if there is a breach like this one, and the Adobe one a year or so ago and the Sony PlayStation one before that. How do you manage all these passwords?, well see below the info on lastpass.com. Its free on the PC and minimal cost if you want the multiplatform apps. This is important, consider yourself warned.

Here are the details on heartbleed:

From: http://www.pcauthority.com.au/News/382247,heartbleed-memory-bug-leaks-encrypted-data.aspx
Researchers have warned of a serious security bug in OpenSSL that allows encrypted data to be stolen. OpenSSL is an open-source library of SSL/TLS encryption - the transport layer security protocols by which email, IM, and some VPNs are kept secure online.
A bug dubbed "Heartbleed" lets anyone read the memory of systems using vulnerable versions of OpenSSL software, researchers from Codenomicon have revealed. "This compromises the secret keys used to identify service providers and to encrypt the traffic, the names and passwords of the users and the actual content," the researchers wrote on a website dedicated to the security bug. "This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."...

Office 365? Microsoft say this about Windows based products:

Information on Office 365 and Heartbleed: Microsoft Account, Microsoft Azure, Office 365, Yammer, Skype, along with most Microsoft Services, are not impacted by the OpenSSL "Heartbleed" vulnerability. [The] Windows' implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections.

From: http://www.theage.com.au/it-pro/security-it/heartbleed-security-bug-what-can-you-do-20140411-zqtff.html
...that chunk of data might include usernames and passwords, reusable browser cookies, or even the site administrator's credentials. While the exploit only allows for small chunks of data to be dumped each time it is run, there is nothing to prevent attackers from replaying the attack over and over, all the while recording fresh data flowing through vulnerable servers. Indeed, I have seen firsthand data showing that some attackers have done just that; for example, compiling huge lists of credentials stolen from users logging in at various sites that remained vulnerable to this bug.

For this reason, I believe it is a good idea for internet users to consider changing passwords at least at sites they visited since this bug became public (Monday morning). But it's important that readers first make an effort to determine that the site in question is not vulnerable to this bug before changing their passwords.

From: http://www.pcauthority.com.au/News/382523,heartbleed-dont-change-all-your-passwords.aspx
Security experts warn that changing all your internet passwords now could do more harm than good
Security experts are warning users to ignore advice to change all of their internet passwords in the wake of the Heartbleed compromise.

Lastpass password manager:

From: http://www.zdnet.com/worried-about-heartbleed-lastpass-security-check-has-you-covered-7000028367/
LastPass has updated its built-in Security Check so that you can now easily see which sites require you to update your passwords to be safe from possible Heartbleed attacks [and which to wait until they have sorted out their own SSL security first]....

Example screenshot:

LastPassHeartBleed

Lastpass: https://lastpass.com/

  8368 Hits
  0 Comments
Tags:
8368 Hits
0 Comments

Running Windows with ‘std' rather than ‘admin' rights removes over 90 percent of the risk

administratorRunning Windows with ‘standard' rather than ‘admin' rights removes over 90 percent of the risk" according to a recent study. See here for the full detail or below is an excerpt (yes I know I have been going on about this for years):

Running Windows users with ‘standard' rather than ‘administrator' rights would have removed over 90 percent of the risk posed by critical vulnerabilities reported in Microsoft products last year, an analysis by privilege management firm Avecto has found.

The firm first looked at 333 vulnerabilities reported by Microsoft in 2013 across all products in its monthly Security bulletins, finding that 60 percent would have been mitigated by removing admin rights. Studying only the 147 rated as the most serious, the mitigation level reached an astonishing 92 percent.

Check to see if you are an administrator on your PC by right clicking on "My Computer" or "Computer" or "This PC" (depending on your Windows version) and chose manage. If you are able to access the Windows computer management console (with or without a warning popup) then you ARE an administrator and you might want to consider changing that (will require thoughtful setup). If you are prompted for a username and password then you aren't an administrator and are a lot safer from malicious software.

However even as a standard user all the usual safe practices apply.

  7232 Hits
  0 Comments
7232 Hits
0 Comments

What is Windows XP end of support

WinxpEnding

"...so the take away message for organizations (and personal users) still running windows XP PC's is to upgrade now or fail to do so at your peril"

What is Windows XP end of support?
From http://windows.microsoft.com/en-AU/windows/end-support-help

Microsoft has provided support for Windows XP for the past 12 years. But now the time has come for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences.

As a result, after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC...

...If you continue to use Windows XP after support ends, your computer will still work but it might [WILL] become more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.

Computer weekly says the following:
Here http://www.computerweekly.com/feature/Windows-XP-support-will-end-this-year-are-you-prepared

Techies understand XP well, but then those writing malicious code understand it well too. With an ageing security architecture and a lack of full support, Windows XP will be a major platform for hackers to attack...

...For organizations, it should be the wake-up call to move to a more modern operating system that will be less open to such attacks.

So the take away message for organizations (and personal users) still running windows XP PC's is to upgrade now or fail to do so at your peril.

This will be a challenge world wide as XP is still installed on around 30% of the worlds PC's, testament to how good an operating system XP panned out to be. Because this is such a large number some security consultants are predicting that the hackers are probably sitting on an number of exploits and will wait until the product goes end of support before they release them. We are likely to see an increase in "drive-by attacks" where just by visiting a web site means you are infected let along downloading and running a file.

Having said all that I have been strongly recommending people move to windows 8 (or at least 7) for some time due to the significantly more secure nature of these products by design. As the sophistication of hacking technologies increased over time so has the sophistication of Windows to withstand these attacks.

If you have some legacy software or hardware that absolutely must run on XP and you have no choice but to continue, some things to consider:

  1. Don't connect this PC to the internet if possible
  2. DON'T Browse the internet on this PC
  3. Don't receive any email on this PC
  4. Don't use this PC at all except for the specific requirement.
  5. Its still absolutely not recommended so more conversation needs to be had if your planning to do this.

So what about windows server 2003 (which is the server version of windows XP)? Support for this product ends on 14/07/15 but you should really be looking at this NOW and scheduling a replacement date for any systems running 2003 this includes small business server 2003. 

  7615 Hits
  0 Comments
Tags:
7615 Hits
0 Comments

CryptoLocker virus

CryptoLocker From Wikipedia, the free encyclopedia

CryptoLocker is malware that surfaced in late 2013. A form of ransomware targeting Microsoft Windows-based computers, the trojan encrypts files stored on local hard drives and mounted network drives using public-key cryptography, and then displays a message saying that the files will be decrypted if a fee is paid through an anonymous payment service by a specified deadline, beyond which decryption is no longer possible.

Contents Operation CryptoLocker typically propagates as an attachment to a seemingly innocuous e-mail (usually taking the appearance of a legitimate company e-mail), or from a botnet. The attached ZIP file contains an executable file with filename and icon disguised as a PDF file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. Some instances may actually contain the Zeus trojan instead, which in turn installs CryptoLocker.

Read more: http://en.wikipedia.org/wiki/CryptoLocker

  8874 Hits
  0 Comments
Tags:
8874 Hits
0 Comments

Passwords should be unique

The recent Adobe hacker-fest has again brought up the subject of passwords so here is my recommendation...

There are a full set of password rules and suggestions that are already widely recognised as being crucial for online security, see here for a great article: http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords that pretty much says it all.

However, particularly relevant for now, you need to ensure that your passwords are always different from each other, if your Adobe password has been compromised you don’t want that same password to have been used for your banking. 

Take some time to think about the quality and diversity of your online passwords would all your online accounts fall domino fashion if one was breached?

If you're having difficulty in tracking all those passwords consider a password manager, there are a number of different product options. I use https://lastpass.com/ which is available in a free version or paid if you want the smartphone apps as well ($12 per year), now free on mobile as well!!.

 

b2ap3_thumbnail_password.jpg

  8196 Hits
  0 Comments
Tags:
8196 Hits
0 Comments

Oh yeah "the cloud" is such a great idea...

Oh yeah "the cloud" is such a great idea... thanks' for keeping my information safe [again].

"Adobe suffers major cyber attack, the company has revealed that an intrusion led to an untold number of Adobe IDs and passwords falling into the hands of hackers. But it gets far worse. Adobe says "certain information" on 2.9 million customers may have also been compromised. Among that data set are customer names, encrypted credit / debit card numbers, and expiration dates."
Read more:
http://www.theverge.com/2013/10/3/4800042/adobe-suffers-cyber-attack-millions-of-customers-affected

 

  12597 Hits
  0 Comments
Tags:
12597 Hits
0 Comments

Welcome:

digitalwelcomemat now has a blog!

Subscribe for the news as it happens, call me for support on 0404 493 770 or access my remote support solution here: http://help.digitalwelcomemat.com/

Digitalwelcomemat provides IT consultancy and services for business customers on the NSW Central Coast in Australia.

Search

Articles

Contact:

Give me a call: 0404 493770

Go to top