Wednesday, August 14, 2013

Information Security Updates

Who Are You


The process of proving who you are (called authentication) is a

key step to protecting your online information. You want to be

sure only you have access to your private information, so you

need a secure method to prove who you are, such as when you

check email, purchase something online or access your bank

accounts. You can prove who you are in three different ways:

what you know, such as a password, what you have, such as

your passport, and who you are, such as your fingerprint. Each

one of these methods has its advantages and disadvantages. The

most common authentication method is using what you know:

passwords.

 

Passwords


You most likely use passwords almost every day in your life. The

purpose of a password is to prove you are who you say you are.

This would be an example of something you know. The danger

with passwords is that if someone else can guess or gain access to

your password, they can then pretend to be you and access all of

the information that is secured by it. This is why you are taught

steps to protect your password, such as using strong passwords

that are hard for attackers to guess. The problem with passwords

is they are quickly becoming dated. With newer technologies it is

becoming easier for cyber attackers to forcibly test and eventually

guess passwords or harvest them with technologies such as

keystroke loggers. A simpler yet more secure solution is needed

for strong authentication. Fortunately, such an option is becoming

more common-something called two-step verification. To protect

yourself, we highly recommend you use this option whenever

possible.

 

Two-Step Verification

Two-step verification (sometimes called two-factor authentication)

is a more secure way to prove your identity. Instead of requiring

just one step for authentication, such as passwords (which is

something you know), it requires two steps. Your ATM card is an

example. When you withdraw money from an ATM machine, you

are actually using a form of two-step verification. To prove who you

are when accessing your money, you need two things: the ATM

card (something you have) and the PIN number (something you

know). If you lose your ATM card your money is still safe; anyone

who finds your card cannot withdraw your money as they do not

know your PIN (unless you wrote your PIN on your card; which

is a bad idea). The same is true if they only have your PIN and not

the card. An attacker must have both to compromise your ATM

account. This is what makes two-step verification so much more

secure: you have two layers of security.

Using Two-Step Verification


One of the leaders in online two-step verification is Google.

With a variety of free online services such as Gmail, Google

needed to provide a stronger authentication solutions for its

millions of users. As such Google rolled out two-step verification

for most of its online services. Not only is Google’s two-step

verification a free service any Google user can sign-up for, but

other online providers are using similar technology for their

services, such as Dropbox, Facebook, LinkedIn and Twitter. By

understanding how Google’s two-step verification works, you

will understand how many other online two-step verification

services work.

Google’s two-step verification works as follows. First, you

will need your username and password, just as before. This is

the first factor, something you know. However, Google then

requires a second factor, something you have-specifically,

your smartphone. There are two different ways you can use

your smartphone as part of the log in process. The first is to

register your phone number with Google. When you attempt

to authenticate with your username and password, Google will

SMS a new, unique code to your smartphone. You then have

to enter this number when you log in. The other option is to

install Google authentication software on your smartphone. The

software then generates a unique code for you. The advantage

with this second approach is that you do not need to be

connected to a service provider, as your phone generates your

code for you.

Two-step verification is usually not enabled by default.; it is

something you will have to enable yourself. In addition, most

mobile apps are not yet compatible with two-step verification.

For most mobile apps you will need to use application-specific

passwords, which you can generate once you enable twostep

verification. Finally, you may have the option of creating

recovery keys in case you lose your smartphone. We recommend

you print those out and store them in a safe, locked location.

We highly recommend you use two-step verification whenever

possible, especially for critical services such as email or file

storage. Two-step verification goes much further to protect your

information , as criminals have to work much harder

to try and compromise your accounts.

 
 
 
 
 
 


Wednesday, July 17, 2013

What is Spear Phishing? I hope you don't think it involves shooting fish, cause it does not!

What is Spear Phishing?

You may be familiar with phishing attacks. These are emails
sent by cyber criminals to millions of potential victims around
the world designed to fool, trick or attack them. Usually, these
messages appear to come from a trusted source, such as someone
you may know. The emails often have an urgent message or deal
for you that is simply too good to pass up. If you click on the link
in a phishing email you may be taken to a malicious website that
attempts to hack into your computer or harvest your username
and password. Or perhaps the phishing email may have an
infected attachment—if you open the attachment it attempts to
infect and take control of your computer. Cyber criminals send
these emails to as many people as possible, knowing the more
people that receive the email, the more people will likely fall
victim.
While phishing is effective, a relatively new type of attack has
developed called spear phishing. The concept is the same:
cyber attackers send emails to their victim, pretending to be
an organization or a person the victim trusts. However, unlike
traditional phishing emails, spear phishing messages are highly
targeted. Instead of sending an email to millions of potential
victims, cyber attackers send spear phishing messages to a very
few select individuals, perhaps five or ten targeted people. Unlike
general phishing, with spear phishing the cyber attackers research
their intended targets, such as reading the intended victim’s
LinkedIn or Facebook accounts or any messages they posted
to public blogs or forums. Based on this research, the attackers
then create a highly customized email that appears relevant to the
intended targets. This way, the individuals are far more likely to
fall victim to the attack.

Effectiveness of Spear Phishing

Spear phishing is used when the cyber attacker wants to specifically
attack you or your organization. Instead of simple criminals out
to steal money, attackers who use spear phishing have very
specific goals, usually accessing highly confidential information
such as corporate business secrets, plans for sensitive technology
or confidential government communications. Or perhaps your
organization was targeted simply as a stepping stone to gain access
to another organization. Such attackers stand much to gain, and
they are willing to invest the time and effort to research their targets.
For example, a criminal entity may decide that your organization
holds personal customer information that is key to their economic
success and they begin to target you. They research your
organization’s website and identify three key individuals. These
attackers then research the LinkedIn, Twitter and Facebook pages
of those three individuals and create a complete dossier on them.
After analyzing these targeted individuals, the attackers then
create a spear phishing email pretending to be a supplier that your
organization uses. The email has an attachment pretending to be
an invoice, when in reality it is infected. Two of the three targeted
individuals are tricked by the spear phishing emails and open the
infected attachment, giving the criminal entity total access to their
computers and, ultimately, all of your organization’s customer data
and corporate strategic plans, which they will now exploit.
Spear phishing is a far more dangerous threat than simple phishing
attacks, as the attackers are crafting an attack specific to you or
your organization . Not only does this increase the chances of the
attacker’s success, but these attacks are far more difficult to detect.

Protecting Yourself

The first step to protecting yourself against these targeted attacks
is to understand that you may be a target. After all you and your
organization possess sensitive information that someone else
might want, or can be used to access another organization that is
the attacker’s ultimate goal. Once you understand that you could
be targeted, take the following precautions to safeguard yourselfand 
your organization:

• Limit the information you post about yourself, such as mail
forums, Facebook or LinkedIn. The more personal details
you share, the easier it is for cyber attackers to craft a spear
phishing email that appears relevant and genuine.

• If an email that asks you to open an attachment or click a
link appears suspicious or requests sensitive information,
verify the message. If the email appears to come from a
company or a person you know, use the contact details you
already have on file to contact the sender and verify that
they sent you the message.

• Support IT Computer Specialist security efforts by following the
appropriate security policies and making use of the security
tools that are available to you, such as antivirus,
encryptionand patching
.

• Remember, technology cannot filter and stop all email
attacks, especially spear phishing emails. If an email
seems a bit odd at first, read through it carefully. If you are
concerned that you may have received a spear phishing
email or fallen victim to spear phishing attack, contact
IT ComputerSpecialist immediately.

Computer Security Services - Stuart - Port St Lucie - Jupiter

Saturday, July 13, 2013

Computer Repair, Virus Removal, Networking, Internet Marketing: U.S. government enlisted ISPs to fight Chinese hac...

Computer Repair, Virus Removal, Networking, Internet Marketing: U.S. government enlisted ISPs to fight Chinese hac...: I thought this was an interesting article. Hope you enjoy. Data Recovery in Stuart U.S. government enlisted ISPs ...

U.S. government enlisted ISPs to fight Chinese hackers


I thought this was an interesting article. Hope you enjoy.
Data Recovery in Stuart


undefined

U.S. government enlisted ISPs to fight Chinese hackers

Earlier this year, the U.S. government gave American ISPs addresses believed to be associated with Chinese hackers “as part of a previously undisclosed effort aimed at blocking cyberspying,” according to the Wall Street Journal.
Even as China and the U.S. meet this week in Washington, and as NSA surveillance revelations continue to echo, the electronic battle royale between countries continues.  
In February, the government shared email addresses associated with Chinese government hacking group the Comment Crew, with American ISPs, just before the security consulting firm Mandiant made its now-famous study of Chinese hacking public. 
Former U.S. officials told the WSJ that “Department of Homeland Security (DHS) officials consulted with Internet providers about how to block some Chinese hacking” the same day as DHS and the Federal Bureau of Investigation released a joint memo listing hundreds of related IP address linked to the hackers.
A DHS email to the Internet companies urged them to implement the security suggestions made by Mandiant in their study.
Subsequent to this, the U.S. saw a temporary decline in Chinese hacking efforts, in part attributed to public shaming of China by the Obama administration and partly as a result of the efforts of the ISPs.
However, as any hacker, and most people with even a nodding relationship with hacking know, changing your IP address is not brain surgery. Chinese hackers did so, now the level of hacking is back at a given value of normal. 
Other recent instances of cooperation between the U.S. government and Internet companies have been condemned for a perceived conspiratorial closeness. 
While U.S. telecoms have cooperated with DHS efforts to thwart Chinese hackers, they've simultaneously contributed to programs that enable the surveillance of citizens in America and abroad.
H/T Wall Street Journal | Illustration by Fernando Alfonso III

Friday, July 12, 2013

Bogus "Pinterest tool" is actually a password-thieving Trojan

imgur: the simple image sharer

Bogus "Pinterest tool" is actually a password-thieving Trojan

A phishing scam disguised as an item on your pinboard has landed on Pinterest, and could be thieving the usernames and passwords of unsuspecting pinners.
The scheme comes in the form of a pin, which, when clicked, redirects the user to a third-party site that asks you to download a "Pinterest tool." Instead, the user downloads a browser plugin that reads the user's password info for various websites.
Janne Ahlberg, an Internet security expert who frequently tests websites on his blog, analyzed the code for the "Pinterest Tool" and found it to be malware—specifically, an iteration of a known Trojan virus. According to Ahlberg and the F-Secure website, an Internet security testing site, the Trojan is designed to intercept "possible user name and password from visited websites and [send] them to the attacker’s server."
Once you've inadvertently installed the malware, it masquerades as a regular browser extension:
But thankfully, the trick to removing it is easy: just go to your browser tools or extensions, locate the "Pinterest Tool," and uninstall it.
The file name for the malware is Trojan.PWS.ZAQ., but Ahlberg believes there are other similar bugs around the site.  One alternate version of the bug that was discovered over a year ago orders you to "install the Pinterest Tool to view this recipe. To continue, install the tool and enjoy more features of our site.”
Ahlberg recently unearthed a massive diet spam campaign spread over Twitter and Pinterest and involving hundreds of hacked websites. He advises that Pinterest users proceed with caution when accessing Pinterest, and shows them how to safely search Pinterest to see if a particular domain is infected. 
Yesterday Ahlberg noted that the suspicious pins are still on the Pinterest website. But users looking to identify the culprit pins based on their addresses, however, might be thwarted: it appears the malware contains a bit of code that attaches itself to whatever normal pin a user might want to put on their site, causing it to redirect to an infected site housing the fake "tool."
 As Jason Hamilton at 404 Tech Support elaborates, the only way a casual user could tell something is off is by double-checking the URL:
In the case of these malware pins, the links went to a variety of blogspot blogs with a food blog sounding subdomain like icanhasrecipe.blogspot.com.... The url looks like icanhasrecipe.blogspot.com/?r=13498asd987149087&u=http://tasteofhome.com. Nothing [so] conspicuous that a casual user would notice something wrong.
Alhberg has identified over 20 such sites.
He expressed surprise that Pinterest has apparently done nothing to halt the spread of the virus. But even more surprising is that the version of the malicious plug-in discovered in 2012 is still there along with the newer version.
Wary web surfers might want to disable JavaScript in their browsers when they visit Pinterest, and make sure their anti-virus security protection is up to date.

If you have been infected with this virus contact us today IT Computer Specialist

Thursday, July 11, 2013

Virus Removal in Stuat Florida

 
 Stuart, FL Virus Removal
Services 1. Computer Virus, Malware and Spyware Removal
A computer virus is a man made software program that can spread from one computer to another through replication. Some viruses are mild and only cause messages to appear on the screen, others can severe damage.

IT Computer Specialist, Florida's top choice for computer virus, malware and spyware removal. Malware includes computer viruses, Trojan horses, computer worms, rootkits, spyware, adware and other malicious software programs. Computer worms are programs which infect computers connected by a network while a trojan is a program which is used to gain access to a computer. Spyware is a program which is used to monitor or log activity on a computer. Adware is a program which deliver ads to your computer usually in the form of a (pop ups) and will slow your network down.

All of these infections in combination will slow your computer to a crawl or make it stop working altogether.