Blog

August 10th, 2012

Macs, long touted by Apple to be the safest and most secure computers available, have been coming under increasing attack lately, with a growing amount of Mac-specific malware infecting systems. This has caught many users off guard, and they have been scrambling to ensure their systems are secure. There is a new threat that could cause trouble for Mac users.

Dubbed OSX/Crisis, this malware has just been discovered, and it’s an interesting one.

OSX/Crisis silently infects Mac users regardless of their status. If a user visits a website it is hosted on, or downloads an attachment with the malware attached, it will install itself without letting the user know.

As Mac users know, there are two types of users: Admin and non-admin. Admin users have rights to install and delete files, while non-admin users don’t. Typically, if a user installs something they have to enter an admin password to complete the install. OSX/Crisis doesn’t ask for this permission, meaning the user won’t even know they’ve been infected.

When the trojan is installed, it opens a backdoor to your computer, so a hacker can quickly and easily enter your computer without you noticing, or having to log in. The disturbing thing about OSX/Crisis is that it installs different files depending on the user’s access privileges, giving hackers access to the computer regardless of the user’s authority.

Intego.com, the company that found the malware, has noted that there have been no cases of this malware in users. While it isn’t out there yet, chances are high that it will be soon. The company also noted that it only works on OSX versions 10.6 and 10.7; earlier versions and the new version, 10.8, won’t allow it to install itself.

If you use Macs in your office, you should take precautionary steps by installing virus scanners, ensuring they’re up-to-date and conducting scans on a scheduled basis. To learn more about this threat and other security issues, please contact us.

Published with permission from TechAdvisory.org. Source.

Topic Security
August 9th, 2012

There’s a scene in Spaceballs, a movie by Mel Brooks, where the evil Spaceballs are trying to steal air from the planet Druidia. To do so, they force the king of Druidia to give up the password - 1,2,3,4,5 - to the airlock. After you hear the password, one character exclaims, “That’s the stupidest combination I’ve heard in my life.” While it may be stupid and you’ll probably never hear someone admit their password is 12345, recent account leaks from a number of websites have proven we still use passwords that are easy to guess when they shouldn’t be.

Here are three tips on ensuring that your password is secure and how to keep it that way.

Strength is important

Websites use a security method called hashing to ensure your passwords are secure. Hashing is an algorithm that encodes your password, making it theoretically harder to unravel.

You shouldn’t rely on hashing to keep your password secure, as recent breaches have shown that a company’s hashing may not be secure. Instead, pick a password that’s hard to guess. The most effective passwords have no full English words and a mixture of numbers and symbols, e.g., San1@3 is more secure than San123.

Watch for apres-hack emails

After a company’s systems have been hacked and account information stolen, scammers often jump at the opportunity to send emails to users. These emails are designed to look like they come from the company when they really are phishing campaigns aimed at getting you to enter your personal information, or have links to websites with malware. If you get an email from a website, don’t click the links in the email. You should go directly to the website in your browser and log in from there.

Have more than one password

Ideally you should use a different password for each website you have an account with; however, it can be hard to remember so many passwords. At the very least you should have separate passwords for work, personal and bank/financial related accounts.

If you’re worried about the strength of your password or the general security of your devices, please contact us; we may have a solution for you.

August 9th, 2012

The cloud and all related services are making large inroads into businesses around the globe, with many utilizing at least one form of cloud. One of the most popular categories of cloud in use is cloud storage. Until recently cloud storage has been relatively secure, but a major cloud storage provider has recently had an incident where account information was stolen.

The cloud service provider that had its security breached was Dropbox. While the company has taken steps to remedy this situation, some users had their information leaked before the situation could be solved.

What happened?

Dropbox made an announcement that hackers had stolen account information from another - undisclosed - website and used that information to log in to Dropbox accounts. One of the accounts happened to belong to a Dropbox employee who had other email addresses connected to Dropbox accounts stored in a document.

With the stolen account names, the hackers proceeded to send spam messages to users’ email addresses. It was complaints from users about spam emails being sent to accounts that are only associated with Dropbox that alerted the company to the problem. From information we’ve been able to obtain, it appears that the accounts stolen were mainly in Western Europe and the UK.

Is Dropbox doing anything?

Dropbox is to be commended for a quick reaction. They let users know as soon as they found out and announced two enhanced security measures on August 2. The first measure is two-factor authentication, most likely a password you enter that’s provided by SMS at the account activation stage. This measure should be in place within the next couple of weeks. The second measure is an account activity page which is available now and shows all the devices that have connected to your account.

As with any security breach, if you or your employees use Dropbox, you should take appropriate steps to change your password. To change your password, log in to Dropbox on your browser, select your account name from the top right of the page and click Settings. Select Security followed by Change password. You’ll also notice the devices or computers that have accessed your account here.

While this may seem like a big issue, Dropbox has handled the leak well and taken appropriate steps to remedy the situation. You shouldn’t let an issue like this sway your opinion on cloud services. If you’d like to learn more about how Dropbox, or other cloud storage and service solutions, can be integrated with your business, please contact us.

July 26th, 2012

The Internet is one big massive information tool; we can find anything we want by clicking a mouse and hitting a few keys on the keyboard. Some information - passwords, addresses, etc. - we would like to keep secret from other users. We trust websites to keep this information safe, and 99% of the time our information is safe. However, there’s a chance your info could be breached. This has recently happened to two major websites.

The two breaches happened to Yahoo and Phandroid.

The Phandroid leak

Phandroid is a large Android-centric website, widely considered by many to be the main source for Android-related news. It was announced on July 13 that over 1 million user IDs had been hacked. Information leaked included email addresses, passwords and other information.

Representatives from Phandroid noted that passwords leaked were hashed - protected with a harder to break code - and thought that the purpose of the attack was to get email addresses for future spam campaigns. If you have an account on Phandroid, you can check and see if your account was part of the attack at Should I change my password?

Did you Yahoo?

Yahoo announced on the 12th that slightly more than 450,000 accounts had been compromised, and the information placed on websites available for anyone to download. Yahoo hasn’t officially announced which service’s accounts were leaked, but other websites have announced the accounts belonged to Yahoo Voice.

The attack was orchestrated by a hacker collective called D33Ds Company, who released the list in plain text format - it can be read by anyone - on a number of websites. D33Ds Company did withhold more sensitive data, and it seems the attack was meant to serve as a wakeup call to Yahoo. At the end of the document they left a message, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”

If you have a Yahoo account and are worried that your account may have been one of the ones leaked, dazzlepod.com has the whole list online, minus passwords. If you’re one of the unlucky ones, be sure to change your password posthaste.

The recent LinkedIn account leak and these two leaks have made for a rough last month in the security industry. We strongly recommend that you take steps to change your passwords on a regular basis to minimize the chance of your data and information being stolen. If you have any questions about these incidents, or are worried about your company’s security, please contact us.

July 25th, 2012

Malware is an ever-present threat that PC, and to a lesser extent Mac, users have to live with. There is a high chance that your computer will at one time come under attack, or you will inadvertently install a piece of malware. There’s a new scheme you should be aware of involving Facebook photo notification emails.

Hackers are sending out emails that look like Facebook notifications. The notifications claim that you’ve been tagged in a picture and provide a link to click on to view your profile. When you click on the link in the email, you’re taken to a website where malware is posted, and it is installed.

After the malware is installed, you’re taken to a Facebook profile as if nothing happened. This could be a serious issue; luckily, it’s easy to spot. The sender of the email is notification@faceboook.com; the extra “o” makes it obvious that the email is not a legitimate email from Facebook.

As a reminder, it’s never a good idea to open an email unless you know the sender. The easiest way to not be infected with these types of emails is to simply open Facebook when you receive a notification email. When you log in, you’ll see any new notifications on the top left of your screen. We also encourage you to ensure you have virus scanners installed and updated, as the developers of the software are aware of this and will most likely have updated their software by the time you read this.
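
The misspelled sender address described above is the kind of thing a mail filter can catch automatically. The following is an added example, not part of the original article: it reads the real address out of a From header and flags domains that are within a small edit distance of a trusted domain or that bury a trusted brand name inside another domain. The trusted-domain list, the distance threshold and the sample headers are assumptions constructed for illustration.

```python
"""Flag From-header domains that imitate a trusted domain (added example)."""
from email.utils import parseaddr

# Assumptions for this sketch: the domains we expect mail from, and how many
# single-character edits still count as "looks like" one of them.
TRUSTED_DOMAINS = ("facebook.com", "linkedin.com", "dropbox.com")
MAX_DISTANCE = 2


def sender_domain(from_header):
    """Return the lower-cased domain of the real address, ignoring the display name."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, domain, imitated); verdict is trusted, lookalike or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", domain, None)
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", domain, trusted)
    labels = domain.split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Either the brand is a label of some other domain, or the whole
        # domain is a near miss such as one extra or swapped letter.
        if brand in labels or edit_distance(domain, trusted) <= MAX_DISTANCE:
            return ("lookalike", domain, trusted)
    return ("unknown", domain, None)


# Constructed sample headers, including the address quoted in the article.
SAMPLES = [
    "Facebook <notification@faceboook.com>",
    "Facebook <notification@facebook.com>",
    '"notification@facebook.com" <alerts@mailer.example>',
    "LinkedIn <security@linkedin.com.account-check.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), "<-", header)
```

A "trusted" verdict only means the From header names a known domain; the header itself can be forged, so a filter would combine this with the receiving server's SPF, DKIM and DMARC results.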

Have you received an email like this? Let us know what it said below, or contact us if you’re unsure what to do with it.

July 13th, 2012

At E3 (an annual technology conference) this year, a new video game was showcased. Watch Dogs, set in the near future, is a game about an elite hacker who can hack into any device as long as it has a Wi-Fi connection. In the short demo, you see the character listen in on private conversations, hack streetlights to create havoc and steal a person’s information. While this is only a video game, it’s based on what one can currently do with and to Wi-Fi devices, many of which you probably utilize when you’re out of the office.

It’s a good idea to connect to public networks that require passwords when possible, as they tend to be more secure. Many public networks have a legal disclaimer stating network use and security. It pays to read these before connecting.

Turn Wi-Fi off

We don’t mean you should turn your Wi-Fi off permanently, rather, when you’re not using your device, or are connected to another network, e.g., mobile data, turn your Wi-Fi connection off. If you have Wi-Fi on while connected to another network, your device can and will actively search for networks to connect to and often connect to an unsecure network, unintentionally exposing your information.

Use HTTPS when possible

HTTPS stands for Hypertext Transfer Protocol with Secure Sockets Layer (SSL). In layman's terms this is a website that has been built with security of users’ data in mind. Many popular websites have an HTTPS version that can be accessed by typing in https://www.sitename.com. Using HTTPS makes websites a lot harder to hack, and it’s a good idea to get into the habit of using them when on a public network or connected to Wi-Fi outside of the office.

Use data not public hotspots

Hotspots are public Wi-Fi connections usually provided by a company, e.g., the Wi-Fi offered by many coffee shops is a hotspot. These can be unsafe, so it’s much better to invest in a data connection for your device, or a mobile Internet stick, which are considerably safer as the data is encrypted before it’s transferred from the cell tower to your device.

Use a VPN

A Virtual Private Network - VPN - connects multiple computers in different locations to the same network via the Internet. Many companies use this to connect and share data with satellite offices, as the data is encrypted and secure. The main benefit to VPNs is that you can connect to a public Wi-Fi network, and transfer data securely using the network’s bandwidth. Many businesses use some form of VPN, which makes it easy for you to keep your business data secure while out of the office.

There are also VPNs that allow you to securely access the Internet via a public Wi-Fi connection, while encrypting all data sent and making your computer anonymous. If you’re out of the office a lot, it’s recommended that you look into a VPN and follow these other tips. If you’re interested, we may have a solution for you, so please contact us.

June 28th, 2012

The recent LinkedIn password breach and the various Mac and Windows Trojan horses have many small business managers wondering if their data is actually safe. Even if you take steps to ensure safety, they may not be enough and your data may still be at risk. One method companies could implement is two factor authentication.

Two factor authentication is a method of accessing something through the use of two different “factors.” There are actually three different factors a user can use for authentication, but you only need to use two. The three factors are:

  1. Something the user knows. This is the most commonly used factor in all authentication, and can be something like a password or a PIN. This also includes the security question asked when you forget your password.
  2. Something the user has. This is the most common second factor of authentication and is typically a device or physical object the user has. Objects can include key fobs where you press a button to get a randomly generated code to enter, a credit/ATM card or an ID card.
  3. Something the user is. This is a less common form of authentication, especially for small businesses, as it relies on a physical attribute of the user like a fingerprint.

When a company uses two of these factors to authenticate users, they are using two factor authentication. Chances are high that you already use this with your bank or another organization.
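
The key fob in item 2 can be made concrete with HOTP (RFC 4226), a standard scheme for button-press codes. This is an added example, not part of the original article, and the article does not say which scheme any particular fob uses. The class name, the look-ahead window and the sample password are assumptions; the fob secret is the RFC's published test key.

```python
"""Password plus key-fob code: two factors checked together (added example)."""
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 code for one button press, identified by its counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class FobAccount:
    """Hypothetical server-side state for one user of a counter-based fob."""

    def __init__(self, password, fob_secret, window=3):
        self.password = password      # stand-in; a real server keeps a salted hash
        self.fob_secret = fob_secret  # shared with the fob when it is issued
        self.counter = 0              # next button press the server expects
        self.window = window          # presses the user may have wasted

    def login(self, password, code):
        # Factor 1: something the user knows.
        knows = hmac.compare_digest(password.encode(), self.password.encode())
        # Factor 2: something the user has. Accept a code from the next few
        # counter values, then move past it so the same code cannot be replayed.
        has = False
        for counter in range(self.counter, self.counter + self.window):
            expected = hotp(self.fob_secret, counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.counter = counter + 1  # burn the code even if factor 1 failed
                has = True
                break
        return knows and has


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226 test key
    account = FobAccount("constructed-pass", secret)
    third_press = hotp(secret, 2)              # user pressed twice without logging in
    print(account.login("constructed-pass", third_press))  # accepted
    print(account.login("constructed-pass", third_press))  # replay rejected
```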

Should small businesses implement two factor authentication?

In a recent report published by Verizon Business, businesses with 11-100 employees were by far the most targeted group with 57% of data breaches. Businesses with 101-1,000 employees were the next most targeted with slightly under 10% of data breaches. The report goes on to suggest that the main reason small businesses are being targeted is because of generally lax security.

Before you rush out and implement a two factor authentication system, you need to be aware that it will not prevent all attacks; two factor authentication can still be hacked. It just takes more time and effort than most hackers are willing to invest to hack into systems that use this form of security. Before you implement any new security measures, be sure to talk with your IT support provider or an expert like us; we may have a solution that fits your business.

June 7th, 2012

Business owners often have multiple accounts with many different websites and Web services. There’s one element that links them all together, no matter their purpose: the password. A password is an owner’s sacred key that’s trusted to very few people. You expect that when you share your password with a website, it’s secure. This isn’t always the case and some of LinkedIn’s users’ passwords have recently leaked.

LinkedIn is a popular social media site that caters to professionals and helps them to network and find jobs. In the past few days, news stories have emerged about how members’ passwords were leaked online.

How passwords work

The password you enter to access a website like LinkedIn acts as a handshake to confirm that the user trying to access the account is who they say they are. Remember the last time you signed up for a new account, and had to enter the password you’re going to use? The owner of the website stores that password in a file, normally encrypted, and tells the Web page to reference this file when you log in. If the passwords match, you’re allowed in. If not, you get the password error page.
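
The store-and-compare step described above, together with the point in the earlier password-tips post that a company's hashing may not be secure, can be shown in a few lines. This is an added example, not LinkedIn's or any other site's actual code: it contrasts a fast unsalted SHA-1 record with a salted PBKDF2 record and upgrades old records when the user next logs in. The record format, the iteration count and the sample users are assumptions.

```python
"""Password storage: unsalted SHA-1 versus salted PBKDF2 (added example)."""
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor chosen for this sketch


def legacy_record(password):
    """Weak scheme: one fast, unsalted hash. Same password gives the same record."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def new_record(password, iterations=ITERATIONS):
    """Salted, deliberately slow hash; the salt is stored beside the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Recompute the hash from the login attempt and compare in constant time."""
    scheme, _, rest = record.partition("$")
    pw = password.encode("utf-8")
    try:
        if scheme == "sha1":
            candidate, expected = hashlib.sha1(pw).hexdigest(), rest
        elif scheme == "pbkdf2_sha256":
            iterations, salt_hex, expected = rest.split("$")
            salt = bytes.fromhex(salt_hex)
            candidate = hashlib.pbkdf2_hmac("sha256", pw, salt, int(iterations)).hex()
        else:
            return False
    except ValueError:  # malformed record: treat as a failed login
        return False
    return hmac.compare_digest(candidate, expected)


def login(user_db, username, password):
    """Check a login; re-hash a legacy record once the password is known good."""
    record = user_db.get(username)
    if record is None or not verify(password, record):
        return False
    if not record.startswith(f"pbkdf2_sha256${ITERATIONS}$"):
        user_db[username] = new_record(password)
    return True


def demo():
    # Constructed sample data: two users who chose the same password.
    db = {"alice": legacy_record("12345"), "bob": legacy_record("12345")}
    same_before = db["alice"] == db["bob"]   # unsalted: records are identical
    ok = login(db, "alice", "12345") and login(db, "bob", "12345")
    same_after = db["alice"] == db["bob"]    # salted: records now differ
    return same_before, ok, same_after, login(db, "alice", "San123")


if __name__ == "__main__":
    print(demo())
```

With unsalted records, everyone who chose the same password shares one stored value, so a single guess checks every account at once; the per-user salt and slow hash remove that shortcut.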

What happened?

A hacker discovered a way to exploit the calendar feature in the LinkedIn mobile app. Basically, when the calendar in LinkedIn was updated, the information, including your password, was encrypted and sent to LinkedIn’s servers, which then updated your profile with the information. The hacker developed a way to grab the encrypted password data for around 6.4 million users.

The hacker then published the encrypted passwords online for other people to decrypt. LinkedIn has released an update to the mobile apps to plug this leak, but the passwords are still online.

What does this mean for me?

The chances of your account’s password being among the ones leaked are pretty small. However, if your password was posted, someone with programming and encryption knowledge could decipher it, and gain access to your account. If this happens, it poses a security risk as they will be able to access any and all data you have stored on that account. Beyond that, if you use the password for other accounts, they could gain access to them also.

How do I know if my password was compromised?

LinkedIn knows of the leak and has taken steps to minimize the damage.

  1. When you next try to log in to your LinkedIn account, you’ll get a message telling you the password no longer works.
  2. LinkedIn has emailed users whose passwords have been leaked informing them to change their password. This email has no links in it, so if you get an email supposedly from LinkedIn with links to change your password, DON’T click on the link. There have been reports of such emails (with links) being sent out. These emails are phishing schemes which aim to steal your password.
  3. LinkedIn will send you a follow-up email explaining more about what happened and why you were asked to change your password.

Alternatively, you can go to lastpass.com and test your password.

If you haven’t received an email, your password probably wasn’t leaked. We do suggest that, for security reasons, you change your LinkedIn password as soon as you can. You can do this by:

  1. Going to LinkedIn’s website and logging in.
  2. Hovering your mouse over your name in the top right corner of the window and selecting Settings from the drop down menu.
  3. Clicking on Account located in the pane underneath your profile picture. If you don’t see Account click on the grey shield icon.
  4. Selecting Change password and following the instructions.

If you feel that your accounts are unsecured, or would like to enhance your current security, please contact us. We may have a solution for you.

May 31st, 2012

The security of a network and the systems within it is top of mind for many IT professionals and business owners. As such, many small business owners are implementing security measures to ensure their system stays secure. There’s a new malware program that could threaten the security of your system, regardless of which OS you use.

The malware is called LillyJade, and is available for download at underground websites. When a hacker downloads the program, they can modify it to meet their needs. They then release it as a browser plug-in (software that adds functions to your browser, e.g., the ability to automatically translate a website). It transmits itself by sending messages to an infected user’s Facebook friends with a link encouraging them to download the plug-in.

At this time, the purpose of the malware appears to be to conduct “click fraud.” It shows fake ads on sites like Facebook, Yahoo and MSN. These ads are usually pay-per-click, which means that any time an infected user clicks on one of these fake ads, the hacker gets paid.

There are two interesting things about this program. The first is that it infects browsers, not systems. This makes it nearly undetectable to virus scanners, which scan for infected files on your computer’s hard drive. The second is that the program can be modified to run on nearly any browser regardless of the operating system.

Tips to avoid being infected

Here are four tips on how to minimize the chance of being infected by malware like this.

  1. Keep your browser(s) up-to-date.
  2. Don’t click on suspicious links.
  3. If a friend messages you with a link, encouraging you to click on it, verify with them that they sent the link.
  4. Don’t install browser plug-ins, unless you’re sure they’re from a vetted source.

As with any malware threat, proper preventative measures will normally be enough to ensure that your system is safe. If you’re unsure if your system is secure, or would like to implement more robust security measures, please contact us. We have a solution for you.

May 23rd, 2012

The Internet has become one of the most important tools in our personal and professional lives. It’s hard to imagine what life would be like without it. There’s a chance that may happen for users who’ve been infected by the DNSChanger Trojan. This nasty Trojan has infected many computers around the world and has forced the FBI to take drastic action.

While the source of DNSChanger has been removed, essentially killing it, there are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.

What is DNSChanger?

DNSChanger is a Trojan that hijacks a user's Internet connection at the most basic level: the DNS. If a user enters a web address, DNSChanger will return a similar looking page, but with ads that are owned by hackers. This allowed them to manipulate online advertising to make money, around USD 14 million by the time they were shut down.

Aside from that, it also prevents users from visiting security websites, like mcafee.com, and downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.

What’s a DNS?

A DNS - Domain Name System - is a crucial service that converts domain names like www.google.com into code that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.

What did the FBI do?

Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as they wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time any user still connecting to the DNS servers, or who is still infected, regardless of their location, could be affected.

What should I do?

If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean, and your security is up to date.

Update

Google plans to warn users they are infected by DNSChanger. When a user accesses one of Google's functions, like search, Google will show a message informing the users they may be infected and give some tips on how to get rid of it.

If you think your systems or network aren’t secure enough, please contact us; we are ready to help.
