Wednesday, August 14, 2013

Information Security Updates

Who Are You


The process of proving who you are (called authentication) is a key step to protecting your online information. You want to be sure only you have access to your private information, so you need a secure method to prove who you are, such as when you check email, purchase something online or access your bank accounts. You can prove who you are in three different ways: what you know, such as a password, what you have, such as your passport, and who you are, such as your fingerprint. Each one of these methods has its advantages and disadvantages. The most common authentication method is using what you know: passwords.

Passwords


You most likely use passwords almost every day in your life. The purpose of a password is to prove you are who you say you are. This would be an example of something you know. The danger with passwords is that if someone else can guess or gain access to your password, they can then pretend to be you and access all of the information that is secured by it. This is why you are taught steps to protect your password, such as using strong passwords that are hard for attackers to guess. The problem with passwords is they are quickly becoming dated. With newer technologies it is becoming easier for cyber attackers to forcibly test and eventually guess passwords or harvest them with technologies such as keystroke loggers. A simpler yet more secure solution is needed for strong authentication. Fortunately, such an option is becoming more common: something called two-step verification. To protect yourself, we highly recommend you use this option whenever possible.

Two-Step Verification

Two-step verification (sometimes called two-factor authentication) is a more secure way to prove your identity. Instead of requiring just one step for authentication, such as passwords (which is something you know), it requires two steps. Your ATM card is an example. When you withdraw money from an ATM machine, you are actually using a form of two-step verification. To prove who you are when accessing your money, you need two things: the ATM card (something you have) and the PIN number (something you know). If you lose your ATM card your money is still safe; anyone who finds your card cannot withdraw your money as they do not know your PIN (unless you wrote your PIN on your card, which is a bad idea). The same is true if they only have your PIN and not the card. An attacker must have both to compromise your ATM account. This is what makes two-step verification so much more secure: you have two layers of security.

Using Two-Step Verification


One of the leaders in online two-step verification is Google. With a variety of free online services such as Gmail, Google needed to provide a stronger authentication solution for its millions of users. As such, Google rolled out two-step verification for most of its online services. Not only is Google’s two-step verification a free service any Google user can sign up for, but other online providers are using similar technology for their services, such as Dropbox, Facebook, LinkedIn and Twitter. By understanding how Google’s two-step verification works, you will understand how many other online two-step verification services work.

Google’s two-step verification works as follows. First, you will need your username and password, just as before. This is the first factor, something you know. However, Google then requires a second factor, something you have: specifically, your smartphone. There are two different ways you can use your smartphone as part of the login process. The first is to register your phone number with Google. When you attempt to authenticate with your username and password, Google will SMS a new, unique code to your smartphone. You then have to enter this number when you log in. The other option is to install Google authentication software on your smartphone. The software then generates a unique code for you. The advantage with this second approach is that you do not need to be connected to a service provider, as your phone generates your code for you.

Two-step verification is usually not enabled by default; it is something you will have to enable yourself. In addition, most mobile apps are not yet compatible with two-step verification. For most mobile apps you will need to use application-specific passwords, which you can generate once you enable two-step verification. Finally, you may have the option of creating recovery keys in case you lose your smartphone. We recommend you print those out and store them in a safe, locked location.

We highly recommend you use two-step verification whenever possible, especially for critical services such as email or file storage. Two-step verification goes much further to protect your information, as criminals have to work much harder to try and compromise your accounts.


Wednesday, July 17, 2013

What is Spear Phishing? I hope you don't think it involves shooting fish, cause it does not!

What is Spear Phishing?

You may be familiar with phishing attacks. These are emails
sent by cyber criminals to millions of potential victims around
the world designed to fool, trick or attack them. Usually, these
messages appear to come from a trusted source, such as someone
you may know. The emails often have an urgent message or deal
for you that is simply too good to pass up. If you click on the link
in a phishing email you may be taken to a malicious website that
attempts to hack into your computer or harvest your username
and password. Or perhaps the phishing email may have an
infected attachment—if you open the attachment it attempts to
infect and take control of your computer. Cyber criminals send
these emails to as many people as possible, knowing the more
people that receive the email, the more people will likely fall
victim.
While phishing is effective, a relatively new type of attack has
developed called spear phishing. The concept is the same:
cyber attackers send emails to their victim, pretending to be
an organization or a person the victim trusts. However, unlike
traditional phishing emails, spear phishing messages are highly
targeted. Instead of sending an email to millions of potential
victims, cyber attackers send spear phishing messages to a very
few select individuals, perhaps five or ten targeted people. Unlike
general phishing, with spear phishing the cyber attackers research
their intended targets, such as reading the intended victim’s
LinkedIn or Facebook accounts or any messages they posted
to public blogs or forums. Based on this research, the attackers
then create a highly customized email that appears relevant to the
intended targets. This way, the individuals are far more likely to
fall victim to the attack.

Effectiveness of Spear Phishing

Spear phishing is used when the cyber attacker wants to specifically
attack you or your organization. Instead of simple criminals out
to steal money, attackers who use spear phishing have very
specific goals, usually accessing highly confidential information
such as corporate business secrets, plans for sensitive technology
or confidential government communications. Or perhaps your
organization was targeted simply as a stepping stone to gain access
to another organization. Such attackers stand much to gain, and
they are willing to invest the time and effort to research their targets.
For example, a criminal entity may decide that your organization
holds personal customer information that is key to their economic
success and they begin to target you. They research your
organization’s website and identify three key individuals. These
attackers then research the LinkedIn, Twitter and Facebook pages
of those three individuals and create a complete dossier on them.
After analyzing these targeted individuals, the attackers then
create a spear phishing email pretending to be a supplier that your
organization uses. The email has an attachment pretending to be
an invoice, when in reality it is infected. Two of the three targeted
individuals are tricked by the spear phishing emails and open the
infected attachment, giving the criminal entity total access to their
computers and, ultimately, all of your organization’s customer data
and corporate strategic plans, which they will now exploit.
Spear phishing is a far more dangerous threat than simple phishing
attacks, as the attackers are crafting an attack specific to you or
your organization. Not only does this increase the chances of the
attacker’s success, but these attacks are far more difficult to detect.

Protecting Yourself

The first step to protecting yourself against these targeted attacks
is to understand that you may be a target. After all you and your
organization possess sensitive information that someone else
might want, or can be used to access another organization that is
the attacker’s ultimate goal. Once you understand that you could
be targeted, take the following precautions to safeguard yourself and
your organization:

• Limit the information you post about yourself on sites such as mail
forums, Facebook or LinkedIn. The more personal details
you share, the easier it is for cyber attackers to craft a spear
phishing email that appears relevant and genuine.

• If an email that asks you to open an attachment or click a
link appears suspicious or requests sensitive information,
verify the message. If the email appears to come from a
company or a person you know, use the contact details you
already have on file to contact the sender and verify that
they sent you the message.

• Support IT Computer Specialist security efforts by following the
appropriate security policies and making use of the security
tools that are available to you, such as antivirus,
encryption and patching.

• Remember, technology cannot filter and stop all email
attacks, especially spear phishing emails. If an email
seems a bit odd at first, read through it carefully. If you are
concerned that you may have received a spear phishing
email or fallen victim to a spear phishing attack, contact
IT Computer Specialist immediately.

Computer Security Services - Stuart - Port St Lucie - Jupiter

Saturday, July 13, 2013


U.S. government enlisted ISPs to fight Chinese hackers


I thought this was an interesting article. Hope you enjoy.
Data Recovery in Stuart



Earlier this year, the U.S. government gave American ISPs addresses believed to be associated with Chinese hackers “as part of a previously undisclosed effort aimed at blocking cyberspying,” according to the Wall Street Journal.
Even as China and the U.S. meet this week in Washington, and as NSA surveillance revelations continue to echo, the electronic battle royale between countries continues.  
In February, the government shared email addresses associated with Chinese government hacking group the Comment Crew, with American ISPs, just before the security consulting firm Mandiant made its now-famous study of Chinese hacking public. 
Former U.S. officials told the WSJ that “Department of Homeland Security (DHS) officials consulted with Internet providers about how to block some Chinese hacking” the same day as DHS and the Federal Bureau of Investigation released a joint memo listing hundreds of related IP addresses linked to the hackers.
A DHS email to the Internet companies urged them to implement the security suggestions made by Mandiant in their study.
Subsequent to this, the U.S. saw a temporary decline in Chinese hacking efforts, in part attributed to public shaming of China by the Obama administration and partly as a result of the efforts of the ISPs.
However, as any hacker, and most people with even a nodding relationship with hacking know, changing your IP address is not brain surgery. Chinese hackers did so, and now the level of hacking is back at a given value of normal.
Other recent instances of cooperation between the U.S. government and Internet companies have been condemned for a perceived conspiratorial closeness. 
While U.S. telecoms have cooperated with DHS efforts to thwart Chinese hackers, they've simultaneously contributed to programs that enable the surveillance of citizens in America and abroad.
H/T Wall Street Journal | Illustration by Fernando Alfonso III

Friday, July 12, 2013

Bogus "Pinterest tool" is actually a password-thieving Trojan


A phishing scam disguised as an item on your pinboard has landed on Pinterest, and could be thieving the usernames and passwords of unsuspecting pinners.
The scheme comes in the form of a pin, which, when clicked, redirects the user to a third-party site that asks you to download a "Pinterest tool." Instead, the user downloads a browser plugin that reads the user's password info for various websites.
Janne Ahlberg, an Internet security expert who frequently tests websites on his blog, analyzed the code for the "Pinterest Tool" and found it to be malware—specifically, an iteration of a known Trojan virus. According to Ahlberg and the F-Secure website, an Internet security testing site, the Trojan is designed to intercept "possible user name and password from visited websites and [send] them to the attacker’s server."
Once you've inadvertently installed the malware, it masquerades as a regular browser extension.
But thankfully, the trick to removing it is easy: just go to your browser tools or extensions, locate the "Pinterest Tool," and uninstall it.
The file name for the malware is Trojan.PWS.ZAQ, but Ahlberg believes there are other similar bugs around the site. One alternate version of the bug that was discovered over a year ago orders you to "install the Pinterest Tool to view this recipe. To continue, install the tool and enjoy more features of our site."
Ahlberg recently unearthed a massive diet spam campaign spread over Twitter and Pinterest and involving hundreds of hacked websites. He advises that Pinterest users proceed with caution when accessing Pinterest, and shows them how to safely search Pinterest to see if a particular domain is infected. 
Yesterday Ahlberg noted that the suspicious pins are still on the Pinterest website. Users looking to identify the culprit pins based on their addresses, however, might be thwarted: it appears the malware contains a bit of code that attaches itself to whatever normal pin a user might want to put on their site, causing it to redirect to an infected site housing the fake "tool."
As Jason Hamilton at 404 Tech Support elaborates, the only way a casual user could tell something is off is by double-checking the URL:
In the case of these malware pins, the links went to a variety of blogspot blogs with a food blog sounding subdomain like icanhasrecipe.blogspot.com.... The url looks like icanhasrecipe.blogspot.com/?r=13498asd987149087&u=http://tasteofhome.com. Nothing [so] conspicuous that a casual user would notice something wrong.
Ahlberg has identified over 20 such sites.
He expressed surprise that Pinterest has apparently done nothing to halt the spread of the virus. But even more surprising is that the version of the malicious plug-in discovered in 2012 is still there along with the newer version.
Wary web surfers might want to disable JavaScript in their browsers when they visit Pinterest, and make sure their anti-virus security protection is up to date.
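
The URL double-check described above can be automated. The following is an added example, not code from the article or from anyone quoted in it: it compares the host a link really goes to with the domain the pin claims as its source, and reports any query parameter that carries another site's URL. Treating such a parameter as a warning sign is an assumption of this example, and the function names are its own.

```python
from urllib.parse import parse_qsl, urlsplit


def _with_scheme(link):
    """Links are often quoted as bare 'host/path'; urlsplit needs a scheme."""
    if link.lower().startswith(("http://", "https://")):
        return link
    return "http://" + link


def _host(link):
    return (urlsplit(_with_scheme(link)).hostname or "").rstrip(".")


def _same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def embedded_urls(link):
    """(parameter name, host) for each query value that is itself an http(s) URL.

    parse_qsl percent-decodes values, so 'u=http%3A%2F%2F...' is caught too.
    """
    found = []
    query = urlsplit(_with_scheme(link)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            found.append((name, _host(value)))
    return found


def check_pin_link(link, claimed_domain):
    """Return a list of findings; an empty list means nothing looked off."""
    claimed = claimed_domain.lower()
    if claimed.startswith("www."):
        claimed = claimed[4:]
    findings = []
    real_host = _host(link)
    # 1. The link must actually lead to the site the pin says it came from.
    if not _same_site(real_host, claimed):
        findings.append("host-mismatch:" + real_host)
    # 2. A different site's URL tucked into the query string makes the link
    #    look familiar at a glance while the browser goes somewhere else.
    for name, inner_host in embedded_urls(link):
        if not _same_site(inner_host, real_host):
            findings.append("embedded-url:%s->%s" % (name, inner_host))
    return findings


# Sample input: the link format quoted in the article.
SAMPLE_LINK = ("icanhasrecipe.blogspot.com/"
               "?r=13498asd987149087&u=http://tasteofhome.com")

if __name__ == "__main__":
    for finding in check_pin_link(SAMPLE_LINK, "tasteofhome.com"):
        print(finding)
```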

If you have been infected with this virus contact us today IT Computer Specialist

Thursday, July 11, 2013

Virus Removal in Stuart Florida

Stuart, FL Virus Removal Services

1. Computer Virus, Malware and Spyware Removal
A computer virus is a man-made software program that can spread from one computer to another through replication. Some viruses are mild and only cause messages to appear on the screen; others can cause severe damage.

IT Computer Specialist is Florida's top choice for computer virus, malware and spyware removal. Malware includes computer viruses, Trojan horses, computer worms, rootkits, spyware, adware and other malicious software programs. Computer worms are programs which infect computers connected by a network, while a trojan is a program which is used to gain access to a computer. Spyware is a program which is used to monitor or log activity on a computer. Adware is a program which delivers ads to your computer, usually in the form of pop-ups, and will slow your network down.

All of these infections in combination will slow your computer to a crawl or make it stop working altogether.

Friday, June 21, 2013

Computer Hacking and Identity Theft

IT Computer Specialist


Right now there are more than 150,000 used smartphones, tablets and laptops for sale on eBay. And in the hands of a hacker, any number of them could reveal crucial data about a former owner--even after it's been deleted. "People think if they do a disk-drive reformat, there's nothing on it," says Rob Schafer, a tech analyst at the research firm Gartner. "That is a trivial thing to get around if you are a professional data thief."  Times.com
Protect your Data, files and do not become a victim of Identity Theft!

Call Us Today 888-626-3339

Fast and Local Help for all your computer problems!!
Serving West Palm Beach, Palm Beach Gardens, Jupiter, Hobe Sound, Stuart, Palm City and Port St Lucie

Computer Hacking and Identity Theft

Identity theft criminals come in all shapes and sizes these days. If you're ever unlucky enough to be a victim of identity theft, the culprit is far more likely to be a local meth user than a professional hacker. That said, most organized crime gangs around the world are becoming much more involved in computer hacking. Computer identity theft can happen in a number of ways. Criminal organizations can use their own hackers, hire college students, or simply buy large amounts of stolen information from professional hackers. And the result is a spike in the number and size of reported data breaches by hackers:
  • More than 50 of the reported data breaches in the last year have been attributed to computer hacking.
  • Hacking accounted for the largest number of compromised personal records in the last 12 months, involving an estimated 43 million Americans.
  • Well-known brands that have lost data through computer hacking in the past 18 months include DSW Shoes, Polo Ralph Lauren, and BJ's Wholesale.

What happens to stolen credit card and social security numbers?

Much of the data stolen through computer hacking — including stolen credit card numbers and Social Security Numbers — will end up on a network of illegal trading sites where hackers and criminals from around the world will openly buy and sell large amounts of personal data for profit.
Stolen data networks have flourished in the open, with names like Network Terrorism Forum, Shadowcrew, Carderplanet, Dark Profits, and Mazafaka. The Shadowcrew network was believed to have more than 4,000 active members who made more than $5 million in less than two years trading 1.5 million stolen credit cards, before it was shut down.
A typical credit card hacking transaction on one of these sites might take place as follows:
  • Stolen credit card numbers and other personal information are posted for sale, either to be purchased or used in a "joint venture."
  • In a joint venture, other network members will use stolen numbers to purchase goods and send them to a drop site for pick-up by other members. The goods are then sold and the proceeds shared amongst the participants.
  • New or unproven sellers on the credit card hacking network are often required to prove their credibility by participating in a number of dummy runs to test that both the seller and the stolen cards are genuine.
Some credit card hacking sites will also include a rating system, where members can post feedback on the quality of stolen credit card numbers and other information offered for sale by members. And many of these computer identity theft sites will accept requests for specific types of stolen information and will also sell complete phishing websites and email templates so that even absolute beginners can easily run phishing scams with little technical knowledge.
There has also been a shift in the professional computer hacking community, where hackers who used to do it for the thrill or the fame are now doing it for profit. In the words of one hacker, "In the old days of hacking it was a bit like base-jumping the Chrysler building. All you got was a slap on the wrist and front page headline."
But now hackers are facing serious jail time for even the smallest hack and they want to make hacking worth the risk. In most cases, all they do is find the opening, commit identity theft, and then sell the stolen credit card numbers; or just find the credit card hacking opportunity and sell that information for others to do the stealing.
Another source of computer identity theft involves former employees hacking into the networks and computers of their old job, using either insider knowledge or password accounts that were never cancelled. For example, the thief who stole 30,000 credit records from his employer in New York committed the crime over a two-year period after he left the company. The cost of his crime was estimated at more than $100 million.
He simply used his insider knowledge and a password that someone forgot to cancel. And if employees are disgruntled or angry after they leave the business, maybe because they were fired, they may justify their actions by convincing themselves it's "just compensation" for money they should have been paid.
Opportunist hackers also continue to be a problem. These are amateurs and professionals who spend hours a day running random port scans on the Internet looking for unprotected home computers. When they find one, they'll often just poke around inside the network or computer to see what's worth taking, and these days they know that any personal or customer information on that computer will be of value to someone somewhere.
And with nearly 4,000 hacking sites on the web, any petty criminal can now learn how to become an accomplished hacker free of charge, and possibly earn a much better living for a lot less risk. The criminals who used to lurk in doorways armed with a crowbar now lurk in front of laptops armed with a chai latte. These guys know that it's much easier to break into a business through the Internet to commit identity theft than through a skylight, and there's no chance of being bitten by the owner's Doberman.
Small business computer systems are especially vulnerable to identity theft, because they usually offer easy and unguarded access to things like customer credit card records and employee payroll files. Most small businesses don't use or keep access logs, so even if their information has been stolen, they probably won't even know it.

How Computer Hacking Happens

Hacking attacks can be launched in a number of ways:
  • Attacking computers that don't have firewalls installed.
  • Installing keystroke loggers or other malicious code by hiding it in email attachments.
  • Exploiting browser vulnerabilities that have not been properly patched.
  • Exploiting weak or poorly protected passwords.
  • Hiding malicious code in downloads or free software.
  • Hiding malicious code in images on websites and waiting for unsuspecting users to click on them.
  • Employees or other trusted users simply accessing an unprotected computer.
  • Exploiting poorly installed networks, and especially wireless home networks.

So What Can You Do About Computer Hacking?

  • Make sure all computers you use in your home or business have the latest firewalls and anti-virus software installed.
  • Keep up-to-date with the latest patches, especially for your browser.
  • Use a good-quality anti-spyware solution, and scan your computers regularly for any pests.
  • Be careful about the types of websites you visit, what you click on, and what you download. And make sure that everyone who uses your computer understands the security risks and rules.
  • Scrutinize suspicious emails that may actually be phishing scams.
PrivacyMatters wrote the above article
Computer Repair and Virus Removal

IT Computer Specialist is offering 10% off all services until July 31, 2013.

This Coupon is good for:

Computer Repair
Networking
Virus Removal
Local Internet Marketing
Wireless Setup

We serve West Palm Beach, Palm Beach Gardens, Jupiter, Hobe Sound, Stuart, Port St Lucie.

Call Us Today 888-626-3339