Archive for Security

POODLE Bug Presents a Major Network Security Risk

No, I’m not joking around. It’s real. You may be familiar with the bugs known as Heartbleed and Shellshock, which I’ve addressed in earlier blog posts. But now it’s time you were made aware of a new bug called POODLE (Padding Oracle On Downgraded Legacy Encryption). Simply put, POODLE allows hackers to access and steal information on encrypted connections.

It is important to note that this is NOT a flaw in SSL certificates, their private keys, or their design, but in the old SSLv3 protocol. The bug hijacks pieces of information by using this outdated web communication protocol, leaving systems susceptible to information theft. It’s not believed to be as serious as the Heartbleed bug in OpenSSL, since the attacker needs to have a privileged position in the network to exploit POODLE. The use of hotspots and public Wi-Fi does make this attack a real problem. This type of attack falls into the “Man-in-the-middle” category.

How Do They Do It?

Did you ever wonder why you don’t have to log into your e-mail account each time you use it? This is because your browser has a cookie installed which lets your e-mail know that you are who you claim to be. While this is convenient, it can present a problem. If a hacker tricked you into connecting to a bogus wireless hotspot, for example, this bug could allow them to steal a cookie from your computer. This would give hackers a chance to steal enough information from a web connection that they would then be able to steal your cookies and effectively pretend to be you.

The Risks

When POODLE emerged earlier this year, security officials got to work and quickly patched many of the sites that were most vulnerable. Unfortunately, it seems, the experts did not go far enough. The bug formerly attacked an outdated version of SSL (Secure Socket Layer), which is no longer used on modern browsers, but is around due to some older sites, which still require it. Another newer layer of security called TLS (Transport Layer Security) has now been found to also be susceptible to POODLE and a fix has yet to be implemented. By the way, some banks are susceptible to the new iteration of this bug.

There are ways to keep your browser safe and to find out whether or not you’re at high risk for such bugs. BizTek Connection wants to make sure you’re doing everything you can to keep your company’s web presence and security safe. For more information, contact us via phone at 501-542-4241 or email at info@BizTekConnection.com

Posted in: Malware, Security


Ransomware – Coming to a Computer Near You!

It seems like it never ends… Malware is cropping up quicker than the industry can update the virus definitions, and today is no different. There appears to be a new variety of Ransomware that has recently hit the market. It goes by the name KEYHolder and, from what the industry has found so far, appears to be from the same folks that were behind Cryptorbit. Although Ransomware may seem like a relatively new type of attack, it actually goes back as far as 1989, to the “AIDS” Trojan (also known as “PC Cyborg”). In other words, they are really good at making, and propagating, this type of attack.

Like other Ransomware, KEYHolder will encrypt files (anything/everything from documents, music, videos to images, etc.) on any attached drives, including network mapped file shares. Once the encryption is complete, a ransom of $500 is demanded for the unlock key. The user is directed to download a Tor compliant browser and make the ransom payment through a Tor masked server.

It is thought, although no one is positive at this point, that the initial infection occurred via email. This is still developing: the industry as a whole is working to mitigate this threat, and there is still much speculation around KEYHolder. There is some chatter in the security community about infections happening through direct control of systems from the outside, but we have seen no evidence of this. Source files are still being investigated, and signatures to mitigate the risks will be updated by antivirus vendors as quickly as possible.

This is a very valid, potential threat. Until more is known, and the industry has released fully functioning definition files to reduce the related risks, it is strongly recommended that you inform your users of the following:

1. Do NOT open attachments from unknown senders. While we have seen Ransomware attacks sourced from watering hole attacks, or social harvesting attacks, the vast majority are coming in through email via spear-phishing attacks.

2. Backup often.

3. Do not click on links that seem suspicious.

4. Do not allow any software that you do not know the origins of to be installed on your system.

5. Keep endpoint security versions up to date.

6. Keep endpoint signatures up to date.

7. Contact BizTek support staff if you have any doubt about your current level of protection, or suspect that you are infected in any fashion.

Malware of any variety is a pain, even in its simplest form. But some, such as Ransomware and others, can bring your business to its knees. If you are not confident that you have this base covered, give us a call.

Posted in: Malware, Security


POODLE Bug (AKA POODLEbleed)

Another bug has recently been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. This was discovered by three Google security researchers who went on to offer detailed info about how it could be exploited. That info is readily available but far too technical for this medium.

It is important to note that this is NOT a flaw in SSL certificates, their private keys, or their design but in the old SSLv3 protocol.  SSL Certificates themselves are not affected and customers with certificates on servers supporting SSL 3.0 do not need to replace them.

The use of hotspots and public Wi-Fi makes this attack a real problem. This type of attack falls into the “Man-in-the-middle” category. Basically, an attacker that controls the network between the computer and server could interfere with the handshake process used to verify which cryptography protocol the server can accept. The attacker does this by using what is referred to as a “protocol downgrade dance”. This “dance” forces computers to use the older SSL 3.0 protocol to protect the data being sent. Attackers can then exploit the bug by carrying out a man-in-the-middle (MITM) attack to decrypt secure HTTP cookies, which in turn could let them steal information or take control of the victim’s online accounts. Remediation steps by webmasters around the world have already begun, but there still remains a lot of work to be done.

What End-Users Need to Do

For end-users accessing websites Symantec recommends:

  1. Check to see if SSL 3.0 is disabled on your browser (for example, in Internet Explorer it is under Internet Options, Advanced Settings).
  2. Avoid MITM attacks by making sure “HTTPS” is always on the websites you visit.
  3. Monitor any notices from the vendors you use regarding recommendations to update software or passwords.
  4. Avoid potential phishing emails from attackers asking you to update your password – to avoid going to an impersonated website, stick with the official site domain.

And, as always, if you have any questions or concerns, or need help, give us a call.

Posted in: Security


Here Data, There Data, Everywhere…

Without a doubt, you work hard to protect your corporate data.  It is the lifeblood of your company.  Whether competitive information about your products and services, or personnel and payroll data, a breach can cost your business everything.  And so far you’ve done an effective job of protecting your data.

 

But nothing stays the same. We’re continuously forced into paradigm shifts by external factors. One of today’s biggest challenges is the growth of mobile devices in the workplace. Compound that problem with your secure (hopefully) corporate WiFi network. What often results is that your highly protected corporate data begins walking out the door inside employees’ smart phones and tablets.

 

Even if you exclude the possibility of employee-initiated data theft, your corporate data is moving around everywhere.  A lost or stolen device can easily result in a hacker accessing that data.  If configured for mobile network access, that thief may also have access to your network.

 

Then when things seem complicated enough, in steps BYOD (Bring Your Own Device).  Many businesses are beginning to encourage (or require) their employees to work from their own desktop, laptop or mobile devices.  While a popular way to reduce the cost of business, particularly among sales departments, this practice further complicates the process of protecting your corporate data.

 

So what is a company to do?  Fortunately, these issues have already been addressed by other companies around the world.  One benefit of being a small-to-medium sized business is being able to learn from larger companies’ investments.  And as those solutions are replicated on a massive scale, the cost of implementation drops dramatically.

 

BizTek would like to assist you in addressing these potential nightmares.  One of our IT Consultants can meet with you to determine your best course of action.  There are numerous ways to protect your corporate lifeblood and we can help you navigate to the right decisions.  Give us a call today!

 

Making your technology seem invisible…

Posted in: Security, Tech Tips for Business Owners, Tips and Tricks


Managing Your Firm’s Password Security

If your organization hasn’t taken a good look at password security lately, you should. Your corporate data is only as secure as the weakest password. Anyone that works at a Fortune 1000 company can tell you that the strength of their passwords is managed, along with the frequency of changing them. This article is designed to provide you with an overview of best practices.

 

Password Enforcement

Most password policies can be automated using a domain controlled server.  Once established, your policies will be enforced without any human intervention.  BizTek is happy to assist you in this process.

 

Password Strength

Policies should require a minimum password length (eight characters is typical but may not be appropriate).

 

Policies should have requirements on what type of password a user can choose, such as:

  • The use of both upper- and lower-case letters (case sensitivity)
  • Inclusion of one or more numerical digits
  • Inclusion of special characters, e.g. @, #, $
  • Prohibition of words found in a dictionary or the user’s personal information
  • Prohibition of passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers
  • Prohibition of use of the organization name or an abbreviation

 

Password Duration

Policies can require users to change passwords periodically, e.g. every 90 or 180 days.  Systems that implement such policies should prevent users from picking a password too close to a previous selection.
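The strength rules listed above, together with the "too close to a previous selection" rule, can be expressed as one check. The following is an added example, not part of the original article; the function name, option keys, word lists, patterns and thresholds are all assumptions chosen for illustration.

```php
<?php
// Added example: evaluates a new password against the rules in this article.
// Function name, option keys, word lists and thresholds are assumptions.

function check_password_policy(string $new, array $opt = []): array
{
    $minLength   = $opt['min_length'] ?? 8;          // "eight characters is typical"
    $dictionary  = $opt['dictionary'] ?? [];         // common words, personal details
    $orgNames    = $opt['org_names'] ?? [];          // organization name, abbreviations
    $current     = $opt['current_password'] ?? null; // typed by the user at change time
    $minDistance = $opt['min_distance'] ?? 4;        // edits required vs. current one
    $problems    = [];

    if (strlen($new) < $minLength) {
        $problems[] = "shorter than $minLength characters";
    }
    if (!preg_match('/[a-z]/', $new) || !preg_match('/[A-Z]/', $new)) {
        $problems[] = 'needs both upper- and lower-case letters';
    }
    if (!preg_match('/[0-9]/', $new)) {
        $problems[] = 'needs at least one digit';
    }
    if (!preg_match('/[^A-Za-z0-9]/', $new)) {
        $problems[] = 'needs at least one special character';
    }

    // Passwords shaped like dates or telephone numbers (constructed patterns).
    $shapes = [
        'calendar date'    => '/^\d{1,4}[\/.\-]\d{1,2}[\/.\-]\d{1,4}$/',
        'telephone number' => '/^\(?\d{3}\)?[ .\-]?\d{3}[ .\-]?\d{4}$/',
    ];
    foreach ($shapes as $label => $pattern) {
        if (preg_match($pattern, $new)) {
            $problems[] = "matches the format of a $label";
        }
    }

    // Dictionary words, personal details and organization names, compared
    // case-insensitively. Entries under four characters are skipped so that
    // fragments such as "an" or "it" do not reject every password.
    $lists = [
        'contains a dictionary word or personal detail' => $dictionary,
        'contains the organization name'                => $orgNames,
    ];
    foreach ($lists as $message => $words) {
        foreach ($words as $word) {
            if (strlen($word) >= 4 && stripos($new, $word) !== false) {
                $problems[] = $message;
                break;
            }
        }
    }

    // "Too close to a previous selection": edit distance to the current
    // password. Only the current one can be compared this way, because older
    // passwords should exist on the server as hashes only.
    if ($current !== null && levenshtein($new, $current) < $minDistance) {
        $problems[] = 'too similar to the current password';
    }
    return $problems; // an empty array means the password passes
}

// Constructed sample input.
$opt = [
    'dictionary'       => ['password', 'welcome', 'smith'],
    'org_names'        => ['biztek'],
    'current_password' => 'Gun$m0ke',
];
foreach (['BizTek2014!', '555-010-0199', 'Gun$m0ke1', 'An!ma1Hou$3'] as $candidate) {
    $result = check_password_policy($candidate, $opt);
    echo $candidate, ': ', $result ? implode('; ', $result) : 'OK', PHP_EOL;
}
```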

 

Unlike computers, humans cannot easily delete one memory and replace it with another. Consequently, changing a memorized password is very difficult, and most users resort to choosing a password that is easy to guess.

 

If choosing between the two, requiring a very strong password and not requiring that it be changed regularly is often better. However, this approach does have a major drawback: if an unauthorized person acquires a password and uses it without being detected, that person may have unauthorized access to your network for an indefinite period of time.

 

Common Password Practice

Password policies often include advice on proper password management such as:

  • Never share a computer account
  • Never use the same password for more than one account
  • Never tell a password to anyone, including people who claim to be from customer service or security
  • Never write down a password
  • Never communicate a password by telephone, e-mail, text or instant messaging
  • Always log off before leaving a computer unattended
  • Change passwords whenever there is suspicion that they may have been compromised
  • Operating system password and application passwords should be different
  • Passwords should be alpha-numeric and include a symbol

 

Password Generation

Strategies can be used to create passwords that are easily remembered while meeting the strength requirements. Symbols and numbers can be substituted for letters in memorable words, e.g. Gun$m0ke, An!ma1Hou$3. Or phrases can be used, e.g. “A penny saved is a penny earned” = Apsiape. Combinations of both also work, e.g. Ap$!ap3.

Posted in: Security, Tech Tips for Business Owners, Tips and Tricks


Managing Personal Passwords

Password Management Tools

Today there are a growing number of password management tools that can manage the myriad passwords that you have to keep up with. Many are free, some with premium versions available, and their features are increasingly alike. Frequently you can even import passwords from one tool to another. Having been around for years, they are proving themselves to be secure and easy to use.

 

Some of the most popular password managers:

  • LastPass
  • Dashlane
  • RoboForm
  • PasswordBox

 

Typical features

Password Generation – Based on your settings, the password manager will randomly create and retain a strong password for new sites; options may include number of characters, symbols, numbers, upper and lower case.

Password Vaulting – Your passwords are maintained securely and automatically available (& inputted) when you return to the site.  Your access to the vault is protected by one single master password.  Obviously, this master password must be one that you can remember, and one that is difficult to crack.

Biometric Access – Some password managers will allow, or (optionally) require, fingerprint based authentication.

Browser Agnostic – Most password managers can be used with almost any browser, so you can switch from Internet Explorer to Google Chrome to Firefox. Some even support Opera and Safari.

Form Filling – Rather than constantly inputting your name, address, company name, email address, your password manager can insert this information for you.  You can even set up your credit card information and checking accounts to eliminate the hassle of ordering online.

Portability – Some password managers will synch your information between multiple devices, all requiring the same master password.  This is helpful when going from desktop to tablet PC to smart phone.

Password Strength Monitoring – Many of the password managers will automatically inform you when you have passwords that are too weak.

 

If you are not currently using a password manager, you probably resort to writing down each of your passwords, or using the same password over and over.  Obviously, either of these methods is what the hackers are looking for.  Crack one password and they can take over your digital life.

Posted in: Security, Tech Tips for Business Owners, Tips and Tricks


Still Using Windows XP?

Some of our clients continue to use the Windows XP operating system, in spite of the fact that Microsoft ceased supporting this OS last April.  That means no more updates and security patches.  It is hard to believe that this OS has been around for 13 years… a venerable dinosaur by technology standards.  Still, 24% of all PC users are refusing to give up XP (“from these cold, dead hands…”).  Some have even asked Microsoft to develop an XP2, but they have no reason to go backwards.  They are busy rolling out Windows 9 in early October, which is the third OS delivered since XP.

So what’s so wrong about sticking with XP?
First, there are the security concerns.  Traditionally, hackers have taken advantage of the “end of life” support of operating systems.  They recognize that if they identify any weaknesses in XP’s armor, they can plunder at will without fear of Microsoft coming to the rescue.   And given their target market is currently 24% of all PC users, there’s much to be gained.

Second, XP’s initial replacement has been around since October 2009. So any XP machines currently running are a minimum of 5 years old, and up to 13 years old. Most IT professionals recommend businesses refresh their PCs every 3 to 4 years. This not only maintains current technology, but avoids the expense and frustration of PCs bogging down from bloated hard drives and aging parts. If you are running any XP machines, you have certainly gotten your money’s worth.

Finally, as mentioned earlier, Microsoft is not going to return to the XP operating system.  The good news is that Windows 9 will bring back the beloved Start menu.  They will continue to add features that enable a user to switch seamlessly between their desktop and mobile devices.  They will be introducing Cortana to the desktop (Microsoft’s version of Siri).  All this is to say that, like it or not, your choices going forward are to leave behind XP, in favor of the newer Windows, Apple or Android operating systems.  It is just a matter of how long you hold out, and the longer you do, the more difficult it will be to make that conversion.

As someone that recently converted from Windows 7 to 8, I can tell you that while it takes some getting used to, the change wasn’t traumatic at all.  But moving from XP to Windows 9 would most likely be.

Posted in: Security, Tech Tips for Business Owners, Tips and Tricks, Windows 7, Windows 8


WordPress MailPoet Plugin (wysija-newsletters) Has BIG Bug

It seems that every time we turn around, someone is jumping on a new way to exploit weaknesses in the programs on our computers, in operating systems, and even on the websites and servers we use to promote our businesses. Today is no exception. Another serious security vulnerability has been found, this time in the MailPoet WordPress plugin. Versions of MailPoet that have not been updated allow an attacker to upload any file remotely to the vulnerable website without any username or password being required.

File uploads of this type are used to add code to your site that can cause you to become a spammer, or to sell products that you know nothing about and make no money from. Basically, they can open your site to just about anyone to do just about anything they want. Any way you slice it, this is a serious issue. The MailPoet plugin (wysija-newsletters) is a very popular WordPress plugin with over 1,700,000 downloads so far. This vulnerability has been patched! So, if you run the WordPress MailPoet plugin, please upgrade ASAP!

Are you affected?

If you have this plugin activated on your website, the odds are not in your favor. An attacker can exploit this vulnerability without having any privileges or accounts on the target site. This is a major threat: it means every single website using it is vulnerable.

The only safe version is 2.6.7, which was released just a few hours ago (July 1, 2014).

Why is it so dangerous?

This vulnerability gives a potential intruder the power to do anything they want on a victim’s website. It allows any PHP file to be uploaded. This can allow an attacker to use your website for phishing lures, sending spam, hosting malware, infecting other customers (on a shared server), and so on!

Technical Details

Because of the nature of the vulnerability, specifically its severity, I won’t go into the technical details. The basics of the vulnerability, however, are something all plugin developers should be mindful of: the vulnerability resides in the fact that the developers assumed that WordPress’s “admin_init” hooks were only called when an administrator user visited a page inside /wp-admin/.

It is an easy mistake to make, and they used that hook (admin_init) to verify whether a specific user was allowed to upload files.

However, any call to /wp-admin/admin-post.php also executes this hook without requiring the user to be authenticated, thus making their theme upload functionality available to everybody.
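For plugin developers, the mistaken assumption and its correction look like this in outline. This is an added example for a hypothetical plugin called "myplugin"; it is not MailPoet's code, and the function names, form field names and chosen capability are assumptions.

```php
<?php
// Added example for a hypothetical plugin "myplugin"; not MailPoet's code.
// Assumes the file is loaded by WordPress as part of a plugin.

// Shared helper: store an uploaded theme archive, accepting .zip files only.
function myplugin_store_theme_zip(array $file)
{
    require_once ABSPATH . 'wp-admin/includes/file.php'; // defines wp_handle_upload()
    return wp_handle_upload($file, array(
        'test_form' => false,
        'mimes'     => array('zip' => 'application/zip'),
    ));
}

// BEFORE: the mistaken pattern. The handler assumes that running inside
// admin_init proves an administrator is present. WordPress also fires
// admin_init for /wp-admin/admin-post.php, for visitors who are not logged in.
function myplugin_upload_unchecked()
{
    if (isset($_POST['myplugin_do']) && $_POST['myplugin_do'] === 'theme_upload') {
        myplugin_store_theme_zip($_FILES['theme_zip']); // no identity check at all
    }
}
// add_action('admin_init', 'myplugin_upload_unchecked'); // left disabled on purpose

// AFTER: the handler establishes for itself who is calling.
function myplugin_upload_checked()
{
    // 1. Capability check: false for anonymous visitors and low-privilege users.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to upload themes.', '', array('response' => 403));
    }
    // 2. Nonce check: the request must come from this plugin's own admin form,
    //    which emits wp_nonce_field('myplugin_theme_upload', 'myplugin_nonce').
    check_admin_referer('myplugin_theme_upload', 'myplugin_nonce');

    // 3. Only then touch the uploaded file.
    if (empty($_FILES['theme_zip'])) {
        wp_die('No file was uploaded.', '', array('response' => 400));
    }
    $stored = myplugin_store_theme_zip($_FILES['theme_zip']);
    if (isset($stored['error'])) {
        wp_die(esc_html($stored['error']), '', array('response' => 400));
    }
    wp_safe_redirect(admin_url('admin.php?page=myplugin&uploaded=1'));
    exit;
}
// admin-post.php fires admin_post_{action} only for logged-in users; anonymous
// requests get admin_post_nopriv_{action}, which is deliberately not registered.
add_action('admin_post_myplugin_theme_upload', 'myplugin_upload_checked');
```

The capability check is still needed on the authenticated hook, because any logged-in account, including the lowest-privilege role, triggers it.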

How should you protect yourself?

Again, update the plugin as soon as possible! Keeping WordPress and all plugins updated is the first step to keeping your sites secure. If you don’t know how to do this, or even if you are not sure whether your site is using this plugin, give us a call at 501.542.4241. We’ll help mitigate any risks.

Posted in: Malware, Security


Don’t expect any OS to unseat Windows

Quick: Name the best desktop operating system available today. Did you say Windows 8? If not, PC World writer Brad Chacos would like to debate you. He just recently wrote that Windows 8, despite having its well-publicized problems, ranks as the best desktop OS today. This goes against the trend, of course, with a long line of critics slamming Windows 8 frequently in the tech press. Is Chacos right? Is Windows 8 unfairly belittled? Take a look at some of the positive Windows 8 features that Chacos highlights.

The Offerings

Windows 8 blows away any other operating system when it comes to the programs and software that it provides, Chacos writes. No other desktop operating system can come close to the variety of programs that Windows 8 gives its users. Rare is a user who will ever use all of these programs. Looking for something? If you have Windows 8, the odds are good that it’s already provided by your Windows 8 operating system.

Syncing

Apple’s iCloud service has received excellent reviews. But Chacos writes that Microsoft warrants more praise for the syncing abilities built into Windows 8. As Chacos writes, you just need a Microsoft online account to immediately sync files, videos, photos and reports to any other computer running Windows 8. You can also immediately synch everything from browser specifications to desktop preferences. This syncing ability easily outpaces iCloud and the syncing capabilities of any other operating system, Chacos writes.

Internet Explorer

Internet Explorer doesn’t get a lot of respect. However, the browser has actually improved in the years since Firefox hit the scene, Chacos says. Today, the browser is easy to navigate. It’s also quite customizable. Best of all? Internet Explorer offers lots of protection from hackers and cyber criminals, Chacos writes. Computer-security company Symantec recently ranked Internet Explorer as one of the most secure browsers available.

Posted in: Security, Uncategorized, Windows 8


Quick — What is your business’ cybersecurity plan?

Here’s a statistic that should frighten the owners of small businesses. According to a recent story by Entrepreneur Magazine, which cited data from tech security company Symantec, companies with one to 250 employees were the unwilling recipients of 30 percent of all cyber crimes in 2012. What makes this statistic important? It provides proof that small businesses that don’t enact a cybersecurity plan are placing themselves at risk of suffering their own cyber attacks.

Anti-Virus

The Entrepreneur story provides some simple steps all small business owners should implement to protect their companies from cyber criminals. The first? Install anti-virus software on your computers. It’s true that this software won’t catch every virus that comes your company’s way. Nevertheless, computers are easy targets if you don’t have any anti-virus software installed on them.

Suspicious E-mails

Many company hacks start with employees accidentally opening suspicious e-mail messages. Because of this, Entrepreneur suggests that small business owners constantly remind their workers to delete any suspicious e-mail messages, even if they are supposedly coming from people they know. Business owners need to emphasize to employees not to click on links they find after opening suspicious e-mail messages.

You Need Firewalls

Entrepreneur recommends, too, that you employ firewalls at your business. This can prevent hackers from getting at your inbound and outbound traffic. Just as importantly, firewalls can protect your company from your employees, walling off their access to potentially dodgy Web sites.

Posted in: Security, Uncategorized
