To Cloud, Or Not To Cloud
There are advantages to the Cloud. These are more noticeable in small and mid-size businesses. In most cases, these businesses struggle with providing and maintaining their network infrastructure. These tasks not only involve determining the hardware and software needs, but also the purchasing, installation, and configuration of the equipment. The daily cost for these services typically does not justify hiring and maintaining a technology staff to provide support services for in-house systems.
Therefore, in the past, these organizations have relied on third party providers. These providers may be small local companies themselves or larger organizations. The problem with larger support organizations is that the customer may have whoever is available (not necessarily familiar with the site) provide the needed services. In these cases, moving to the Cloud makes good, financial sense. The services are always available, they can typically be purchased and configured by inexperienced people, and problems are handled by the service provider.
This type of configuration allows for the services to be expanded and new features added dynamically with little or no impact to the company. The performance of the systems can also be improved “on the fly” for an additional cost. There is no longer the need for downtime to add additional storage space, memory, or compute power. This allows the systems to grow (or contract) to meet the needs of the company. In most cases, moving to the Cloud should also eliminate downtime for an organization. In the event there is a problem at the hosting services location, they simply redirect customers to a replica of their services at another data center. This type of flexibility, uptime, and ease of data access has made the Cloud very appealing to many companies.
The disadvantages to the Cloud are often not discussed or considered. First, many people feel that by moving to the Cloud, their data is safe from loss. The providers tend to speak about how they move data around, create duplicates, and provide alternate paths to provide constant access to give customers a feeling of confidence. This process is also supposed to prevent any unintentional data loss.
However, this has proven to be incorrect. There have been instances where Cloud providers have lost customer data such as Amazon’s E2 crash, T-Mobile’s SideKick, and other less publicized incidents. While the percentage of data loss was small compared to the amount of customer data they actually house, there were some companies whose data was permanently destroyed. Unless a company had some guarantee written into their contract, the most they received was an apology letter letting them know data was unrecoverable. Admittedly, these incidents were in the earlier days of Cloud services. Since that time, there have been improvements in backup solutions for Cloud providers, but in the end, you are still at the mercy of the systems they have established. In most cases (and for security reasons) they will not disclose the processes they use to minimize data loss.
When a company’s data is hosted by a Cloud provider, the company must be able to maintain an Internet connection in order to access their data and enable their employees to perform daily functions. However, the company is still at the mercy of the ISP. If the company’s Internet provider has an outage, then how much of the business can still function? While these outages can happen when not using the Cloud, employees still have access to the files needed to do their jobs on their local machine or network drives.
Another weakness in the Cloud was provided in the documents released by Edward Snowden. These showed that while the front-end infrastructure was encrypted and secured, the back-end communications between data centers was not. These circuits were tapped by the National Security Agency in order to spy and collect data. While general hackers would not necessarily have the ability to directly tap these circuits, it does not mean that another government does not have those resources, especially since many of these providers have data centers in various countries. However, while performance, uptime, and security are typically discussed, there is one area that seems to never be mentioned when considering a move to the Cloud.
The one area that is not typically discussed or considered when moving to the Cloud is document management and retention. I spent the majority of my career managing backup and recovery systems. Having this responsibility has exposed me to dealing with legal hold, e-Discovery, and document retention. As a result, a few years ago I joined ARMA (Association Records Managers and Administrators). It was through this organization I realized there is a problem with storing data on the Cloud.”
Your Android Phone Could Put Your Data at Risk
According to Palo Alto Networks, Android devices have a dangerous vulnerability called Android Installer Hijacking which enables malware to replace legitimate apps with fake ones. Samsung, Google and Amazon have each released patches which protect the smartphones manufactured by them from this threat, but the security company says that 49% of the devices currently in use are still at risk. The good news is that Google officially stated that it didn’t detect any exploit attempts for this particular vulnerability.
From what I understand, the problem lies in APK installers downloaded from sources outside of the Google Play Store (this is probably one of the reasons why Android customers are constantly being told to avoid using third-party app marketplaces). APKs downloaded from other sources are stored in insecure locations such as the SD card and use an app called PackageInstaller to complete the installation process. The problem is that the installation app doesn’t check the file before beginning the setup process so the APK can be replaced or modified to include malicious code that can steal your private data (during the installation).
Basically, what happens is that the user accepts a certain set of conditions then chooses to install the application, but by the end of the process he or she may end up with a totally different app with extra permissions that the users didn’t agree to. It seems that rooting your device increases the risk, but this vulnerability affects devices that are not rooted just as well. The flaw has been found on a bunch of Android versions: 2.0, 4.0.3, 4.0.4, 4.1.x, 4.2.x. and 4.3 (but only on some devices). So, if your smartphone is powered by KitKat or a newer version, you’re safe.
Last year, when it was first discovered, the vulnerability affected 90% of the devices, but now the percentage has dropped to 49% (which still means millions of customers). Along with this announcement, Palo Alto Networks also launched an app (why am I not surprised?) called Installer Hijacking Scanner which can tell you if your device is vulnerable to this flaw or not. You can check the app out in the Play Store by clicking on this link. To read the entire report on this vulnerability click here.
Editor Informer Technologies, Inc
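The gap described in the article above is a time-of-check/time-of-use problem: the package the user reviews and the package that gets installed are read at different moments from storage other apps can write to. The Python model below is an added example, not code from Android, Palo Alto Networks, or the article's author; the JSON "package" format, the directory names, and every function name are hypothetical stand-ins chosen so the check can run with plain files.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash the file in chunks so large packages do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def read_permissions(path: Path) -> list:
    """Stand-in for manifest parsing: the toy package is a JSON file."""
    return sorted(json.loads(path.read_text())["permissions"])


def stage_and_review(shared_file: Path, private_dir: Path) -> dict:
    """Copy the package out of shared storage, then build the consent record
    from the private copy, so the bytes reviewed are the bytes kept."""
    private_copy = private_dir / shared_file.name
    shutil.copyfile(shared_file, private_copy)
    return {
        "path": private_copy,
        "sha256": sha256_file(private_copy),
        "permissions": read_permissions(private_copy),
    }


def install_unchecked(path: Path) -> list:
    """Weak pattern: re-open the path at install time and trust what is there."""
    return read_permissions(path)


def install_verified(path: Path, review: dict) -> list:
    """Hardened pattern: refuse anything not byte-identical to what was reviewed."""
    if sha256_file(path) != review["sha256"]:
        raise ValueError("package changed after review; refusing to install")
    granted = read_permissions(path)
    if granted != review["permissions"]:
        raise ValueError("permissions differ from what the user approved")
    return granted


def demo() -> dict:
    """Run both installers against a package that is rewritten after consent."""
    with tempfile.TemporaryDirectory() as tmp:
        shared = Path(tmp, "shared_storage")      # writable by other apps
        private = Path(tmp, "installer_private")  # writable by the installer only
        shared.mkdir()
        private.mkdir()

        package = shared / "flashlight.pkg"       # constructed sample package
        package.write_text(json.dumps({"permissions": ["CAMERA"]}))
        review = stage_and_review(package, private)

        # Between consent and install, the file in shared storage is replaced.
        package.write_text(json.dumps(
            {"permissions": ["CAMERA", "READ_CONTACTS", "READ_SMS"]}))

        result = {
            "approved": review["permissions"],
            "unchecked_from_shared": install_unchecked(package),
            "verified_from_private": install_verified(review["path"], review),
        }
        try:
            install_verified(package, review)
            result["shared_rejected"] = False
        except ValueError:
            result["shared_rejected"] = True
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unchecked path ends up with permissions the user never saw, while the digest comparison either installs the reviewed bytes or refuses.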
Computer Security: The law and unintended consequences [more on FREAK bug]
“COMPUTERS are notoriously insecure. Usually, this is by accident rather than design. Modern operating systems contain millions of lines of code, with millions more in the applications that do the things people want done. Human brains are simply too puny to build something so complicated without making mistakes.
On March 3rd, though, a group of researchers at Microsoft, an American computer company, Imdea, a Spanish research institute, and the National Institute for Research in Computer Science and Automation, in France, discovered something slightly different. They found a serious flaw in cryptography designed to guard private data such as e-mails, financial information and credit-card numbers as they wing their way across the internet. By exploiting this flaw, a malicious hacker could see such information as unencrypted text—and thus insert data of his own, such as password-stealing code, while making it seem to come from a trusted source.
Discovering such bugs in the mess of code that underpins the internet is not unusual. But unlike most flaws, this one—dubbed FREAK (for “Factoring RSA Export Keys”)—is not an accident. Rather, it is a direct result of the American government’s attempts to ensure, two decades ago, that it could spy on the scrambled communications of foreigners. That is an idea which, following Edward Snowden’s revelations about the long reach of Western spy agencies, is back in the news again.
In the early 1990s the internet was an academic network that was only just beginning to reach into the outside world. Security was an afterthought. Programmers at Netscape, a firm which made an early web browser, decided to correct that. They came up with a way to use high-quality cryptography to secure the link between a web page and its visitors.
In those days America’s government classified cryptography—then an arcane subject, of interest mostly to soldiers, diplomats and spies—as a munition, and regulated its export. American software companies could therefore supply their foreign clients only with an emasculated version that American spies, with their piles of powerful computers, were able to break.
It is this weakened cryptography that FREAK exploits. Although America’s rules were relaxed years ago, many web servers and browsers retain the code needed to comply with them—for this code still works and no one has bothered to rewrite it. The researchers found a way to persuade servers to generate 1990s-quality encryption keys from this code, and browsers to accept them. In the 1990s, only governments had the computing muscle to break such keys. These days, $50 of time on Amazon’s cloud-computing service will do.
According to the researchers, millions of people are likely to be vulnerable. For the trick to work, someone must be using an affected piece of software such as Apple’s Safari web browser, or the standard browser built into phones powered by Google’s Android operating system (though not Chrome, Google’s proprietary browser). They must also connect to a website that is configured in a way that makes the exploit possible. When the bug was announced, there were millions of such sites, including the websites of the White House, American Express and Bloomberg.
This time, fortunately, there is an easy fix. The number of vulnerable sites is already falling and Apple has promised a patch within days. But the idea of deliberately weakening cryptography in the name of national security has not gone away. Mr Snowden’s revelations about the extent of Western surveillance have persuaded many information-technology firms—including Google and Apple—to begin encrypting their users’ communications. Western governments, in turn, have begun demanding that those firms install cryptographic “back doors” to allow spies to unscramble those same communications, while reassuring citizens that their security would remain strong. David Cameron, Britain’s prime minister, said recently that there should be no form of communication that the government could not read.
But mathematics applies to the just and unjust alike; a flaw that can be exploited by Western governments is vulnerable to anyone who finds it. Matthew Green, a cryptographer at Johns Hopkins University, in Baltimore, observes, “this [vulnerability] has been open for decades. Who knows whether it’s ever been exploited? There are lots of smart people out there.” Weakening everyone’s security in the name of counter-terrorism may be a worthwhile trade-off, but it is a trade-off nonetheless.”
From: The Economist, Science and Technology, March 7 2015
Millions at Risk from “Freak” bug:
“Microsoft has issued a security warning about a bug that could let attackers spy on supposedly secure communications.
Called “Freak”, the bug was found in software used to encrypt data passing between web servers and web users.
Initially the flaw was thought only to affect some users of Android and Blackberry phones and Apple’s Safari web browser.
Microsoft’s warning suggests millions more may be at risk of losing data.
The Freak flaw was discovered by encryption and security expert Karthikeyan Bhargavan and lets attackers force data travelling between a vulnerable site and a visitor to use weak encryption. This makes it easier to crack open the data and steal sensitive information.
Statistics gathered by a group set up to monitor the impact of the Freak flaw suggest about 9.5% of the web’s top one million websites are susceptible to such attacks.
The monitoring group has also produced an online tool that lets people check if they are using a browser that is vulnerable to the flaw.
Apple is expected to produce a patch for the flaw next week and Google has updated its version of Chrome for the Mac to remove its susceptibility to Freak. It has yet to say what action it is taking with Android.
In a security advisory note released on 5 March, Microsoft said every current version of Windows that uses Internet Explorer, or any non-Microsoft software that calls on a part of Windows called Secure Channel, was vulnerable to the Freak flaw.
Microsoft has issued advice about ways to remove the vulnerability from some of its software but said applying these fixes could cause “serious problems” with other programs. It said it was working on a separate security update to remove the vulnerability.”
Content from BBC News, Technology
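Both articles above trace FREAK to export-grade RSA suites that servers still offer. The following Python audit is an added example, not code from either article or from the researchers; it parses a cipher listing in the column layout of `openssl ciphers -v` and separates RSA export suites from other export suites and from the rest. The sample listing is constructed, and the category labels are this example's own.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`
# on older OpenSSL builds that still shipped export suites.
SAMPLE_LISTING = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=(\S+)")
SIZED = re.compile(r"^([^()]+)(?:\((\d+)\))?$")  # "RSA(512)" -> ("RSA", "512")


def split_sized(value: str):
    """Split 'NAME(bits)' into (name, bits); bits is None when absent."""
    match = SIZED.match(value)
    if match is None:
        raise ValueError(f"unrecognised field value: {value!r}")
    name, bits = match.groups()
    return name, int(bits) if bits else None


def parse_cipher_line(line: str) -> dict:
    """Parse one listing line into its suite name, protocol and key fields."""
    parts = line.split()
    fields = dict(FIELD.findall(line))
    if len(parts) < 6 or {"Kx", "Au", "Enc", "Mac"} - fields.keys():
        raise ValueError(f"not a cipher listing line: {line!r}")
    kx, kx_bits = split_sized(fields["Kx"])
    enc, enc_bits = split_sized(fields["Enc"])
    return {
        "name": parts[0],
        "protocol": parts[1],
        "kx": kx,
        "kx_bits": kx_bits,
        "enc": enc,
        "enc_bits": enc_bits,
        "export": "export" in parts[6:],  # trailing tag on export suites
    }


def classify(suite: dict) -> str:
    """'rsa-export' is the class FREAK depends on; 'export-other' is still weak."""
    if suite["export"] and suite["kx"] == "RSA":
        return "rsa-export"
    if suite["export"]:
        return "export-other"
    return "ok"


def audit(listing: str) -> dict:
    """Group every suite in the listing by class, preserving listing order."""
    report = {"rsa-export": [], "export-other": [], "ok": []}
    for line in listing.splitlines():
        if line.strip():
            suite = parse_cipher_line(line)
            report[classify(suite)].append(suite["name"])
    return report


if __name__ == "__main__":
    for label, names in audit(SAMPLE_LISTING).items():
        print(f"{label}: {', '.join(names) or '(none)'}")
```

Any name reported under `rsa-export` or `export-other` is a suite to remove from the server's configuration.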
Your Money or your Data:
WHEN internal e-mails and unreleased films from Sony were leaked late last year, it was the origin of the hack (perhaps North Korea) and the embarrassing detail (withering comments on film stars) that made the news. Less remarked was that the hackers had offered the media giant the chance to avoid the leak by acquiescing to its demands, which have not been made public.
Such cyber-hold-ups are on the rise globally and go far beyond big firms. More typical is the story of an Italian architecture draughtsman who turned to Digital Forensics Bureau, a computer-security firm in Turin, after unwittingly downloading “ransomware”—a virus that encrypted all his files and posted an onscreen message demanding cash to unlock them. Neither he nor the firm succeeded in cracking it. Faced with losing every file from his 14-year career, he capitulated, paid up and received a decryption key by e-mail.
Ransomware is here to stay, says Troels Oerting of Europol’s European Cybercrime Centre. The emergence of bitcoin, a digital cryptocurrency that can be used anonymously, is a big part of the reason. Most ransoms must be paid in it, and ransom notes typically explain how to buy it. Other online options such as PayPal require a credit or debit card, or a bank account, making them riskier for criminals.
Many of the extortionists are from Russia; its authorities are uninterested in hunting them down. Their victims are everywhere. In Australia alone, estimates the Australian Crime Commission, a government agency, between August and mid-December around 16,000 individuals, firms and government bodies paid a total of A$8m ($7m) after downloading ransomware. Not all victims get their data back: some refuse to pay, and just as 17th-century highwaymen sometimes took first money and then lives, their digital equivalents can renege on promises to unlock files. Ransomware programmers keep ahead of antivirus software by continually tweaking their code. Last year Europol and the Dutch National High-Tech Crime Unit warned that ransomware “kits” were available online, complete with tips on hiding profits from the authorities. And tricking people into downloading ransomware via an e-mail attachment is not the only approach. Extortionists often pay associates to post “malvertising” banner ads that lure traffic to websites that can take control of visiting computers, says a Parisian security researcher known as Malekal.
Until recently a victim with some technical skill might have been able to work around ransomware code, says Paolo Dal Checco of Digital Forensics Bureau. Now speedy innovation by attackers means victims are usually outgunned. In June a team led by the FBI seized computers that had been distributing CryptoLocker, a piece of ransomware. Specialists cracked it and created DeCryptoLocker, a free decryption service. But CryptoWall, an immune version, quickly appeared. In September Nixu Corporation, a Finnish IT-security firm, found a way to disable particularly fierce ransomware called TorrentLocker, but within weeks its makers had fixed the weakness that the firm had spotted. According to Gregg Housh, an online marketer who is close to Anonymous, a hackers’ collective, the average ransom has fallen from about $800 in the past few years as extortionists have found the sweet spot where their victims simply pay up. In October Maria Grazia Mazzolari, an official in Bussoleno, a small town in northern Italy, paid a €510 ($644) ransom herself when the authorities balked at using taxes to reward criminals. Shortly afterwards the sheriff’s office in Dickson County, Tennessee, paid $572 to recover thousands of files. Ransoms have fallen even further in Paris, says Eric Larcheveque. Most victims who buy bitcoin at La Maison du Bitcoin, his shop, spend between €160 and €275.
Estimating the profits from any type of cybercrime is tricky. But even though ransoms are falling, the new Dick Turpins are raking it in. To collect ill-gotten gains in bitcoin, they must give a bitcoin-account number: anyone can view transactions, though not the holder’s identity. Accounts used by whoever held Bussoleno to ransom racked up $109,400-worth of bitcoin in the next eight days.
Ruses used by 17th-century travellers, such as hiding valuables, hiring guards and picking routes with care, have echoes today. Web-users should back up files, use antivirus software and firewalls, and avoid suspicious attachments and sites. But now, as then, the unwary and unlucky fall victim, and many see no choice but to pay.
From: The Economist, January 17th 2015
Preventing and Controlling Spam
Alright, let’s first get an understanding of what we are fighting against here. It’s called SPAM, or unwanted e-mails advertising services not requested, and it’s something that everyone struggles against. Remember when junk mail in your mailbox was your biggest complaint? Well, it’s gone electronic, and though they aren’t paying postage, it still costs. How much is it costing?
In 2007, Nucleus Research reported that spam costs U.S. companies $712 per employee each year. A $31,000-per-year employee spending 16 seconds each on 21 spam messages per day would cost about this much, according to Google’s calculator. That adds up to about $70 billion per year in lost productivity, Nucleus said.
SO HOW DO WE FIGHT?
Well, let’s establish some more reality here. The tools and tricks at our disposal are not going to be 100% perfect. We need to establish a realistic goal of significantly reducing the amount that we are being sent each day. We aren’t going to be able to eliminate it completely, but we can make our lives a lot better. So what’s realistic? Well, if you’re getting 20 Spam messages a day, reducing that number by 15 would be a good start. So let’s say reducing it by 75%. Now we just need to put a battle plan in place.
STEP 1: PREVENT NEW SPAM FROM STARTING
You’re getting 20 Spam messages a day, so let’s do a few things to keep that from going to 25 or more. Below are some tips that we’ve found from Spamlaws.com.
Don’t participate in forwards [unless you remove all the email addresses in the email and forward to your friends with their addresses in the BCC section, rather than the To or the CC sections] and ask your friends not to send them to you – Forwarded emails tend to list the email addresses of everyone who has forwarded the message, along with the email addresses of everyone they forwarded the message to. This is an easy target for spammers to find long lists of email addresses to target. Be especially wary of signing any sort of petition too, since these can be created by spammers for the list of names and email addresses.
Use a complicated email address – The more complicated your email address is, the less likely it is to be generated for targeting by a spammer’s software. Spammers’ software normally looks for easy and obvious addresses first. If your e-mail isn’t already complicated, this may not be an option for you, so look at the next suggestion.
Create alias email addresses – Certain services allow you to generate multiple, anonymous email addresses that forward to your real email account. You can even reply to forwarded messages through your email account and have it appear as though you are replying through the generated one. This puts a level of anonymity between you and potential spammers. A good idea is to create a new email address for every website that you disclose your address to. If you start to get spam through that address, you know where the spam is coming from and you can delete the address and eliminate the spam.
Keep your home or business address confidential – Don’t give out your home or business address on registration webpages. Instead, use a service like Mailinator or Mailexpirer to create an address you use specifically for registration purposes. You should also do this when joining a listserv, message board, internet group, or when posting your email address on an online contact page, resume, etc.
Don’t give your real address for registration – If you can get away with it when registering on a website, newsgroup etc., use a fake email address. This will not work if you need to reply to a confirmation address though. In this case, use a service like mentioned above or an email address you create specifically for those purposes.
Don’t use your email address as your screen name – If you participate in chat/message boards or anything similar where you register a username, don’t use the section of your email address before the @ sign as your screen name. This confirms a questionable email address to spammers, and they will often try to add “@hotmail.com,” “@yahoo.com,” etc. to create an email address (yours) to target.
Don’t click the UNSUBSCRIBE LINK unless you know the company or service sending the email – Most companies who send out legitimate e-mails abide by the CAN-SPAM Act which in 2004 stated how companies were to send out advertisement e-mails and what the restrictions were. One of the requirements is that the company provide an OPT OUT method (usually a link at the bottom of the e-mail) so that you can choose to no longer receive the e-mails. Large companies like Microsoft.com or CNN.com or e-mail services that companies use like ConstantContact.com will do this in order to be compliant. The problem is that the spammers who don’t obey the law will actually use this same requirement to “verify” that the e-mail they just sent the spam to is a legitimate e-mail. When they get a response to take the e-mail off the list, they do the reverse and add it to every list they have. So unless you recognize the company or service, don’t unsubscribe!
STEP 2: REDUCE THE AMOUNT OF SPAM YOU ARE CURRENTLY GETTING
Now, in this step we have to ask a question: “How do you check your e-mail?” We ask that because the software or service you use will determine how you’re going to fight it. See, some people go onto the Internet, open up a website like Yahoo.com or Gmail.com and just login to check the mail. Other people open up a program on their computer like Outlook, Outlook Express, Microsoft Mail, Thunderbird, etc. and get all of their mail to be delivered down to their machine. So the suggestions that come next will be based on how you do it.
I CHECK BY GOING ONLINE TO A SITE LIKE AOL, YAHOO, GMAIL, ETC.
CHANGE YOUR SPAM SETTINGS – Most online services have a section in their system where you can change how strict they are about letting spam in to your inbox. By default, they are usually set to low or medium which will allow more spam in. Why? Well, they personally hate getting calls and e-mails from angry customers about an e-mail that got flagged as “spam” when it really wasn’t and the customer missed some important event or deadline, so they are willing to let more spam come through. Now, in defense of the e-mail providers, let us explain something. Please understand that the online providers don’t have people sitting there going through all the mail deciding what’s spam or not. They are using software that scans every e-mail going into their system that looks for certain factors to determine if the e-mail is spam and then gives the e-mail a score. If the score is higher than the software thinks it should be for a legitimate e-mail, it will flag it as spam. What’s something that will give an e-mail a high score? Having advertisements at the bottom of the e-mail for the e-mail service or another company. Any type of advertisement within the e-mail is going to give it a higher score than one with just text and a signature.
Going back though to the Spam settings, if you don’t know where you can go to change your settings so that it is more restrictive, then look for the HELP section of your e-mail service and type in SPAM SETTINGS or SPAM BLOCKING. This should guide you to where you need to go.
I USE A PROGRAM ON MY COMPUTER LIKE OUTLOOK OR OUTLOOK EXPRESS
EDUCATE YOUR E-MAIL PROGRAM – Most programs will have the ability to “educate” or “train” the software to learn what is Spam and what is not. Now, the issue here is that this doesn’t keep the spam from coming down to your computer so much as once it comes down, it automatically moves the spam e-mail to either a SPAM FOLDER or to wherever deleted e-mails go. For some, this is good enough since they don’t have to waste time with going through each e-mail and deleting them. For others, they would rather not have the spam even come down and for those we’ll discuss that in a moment.
Junk Email Menu Option in Outlook 2003
Ok, so for most programs, to train the program, just RIGHT CLICK the e-mail that you consider SPAM, and you will see a choice in the menu that comes up about SPAM or JUNK E-MAIL. If you don’t see anything, take a look at the top of the program at the buttons and see if you see anything about SPAM. Again, if you still can’t find anything, go to HELP and type SPAM BLOCKING or JUNK E-MAIL.
Once you choose to tell the program that this type of e-mail is Spam, you may get the choice to mark just the e-mail sender or the entire company as being someone you don’t want to get e-mails from. If you choose “sender,” the e-mail address will have to match exactly for the program to know to identify the e-mail as Spam. If you choose “domain” or “company”, any e-mails that come from “@somecompany.com” will automatically be flagged. Again, only those e-mails that come from that domain or company will be flagged. If the spammer changes the e-mail address just slightly, it could get through and show up in your inbox.
ANTI-VIRUS PROGRAMS CAN HELP – Depending on who you use for antivirus or antispyware, it may scan the e-mail for you and mark the e-mail in the subject line as SPAM to help you identify the e-mails better. Again, it’s giving each e-mail a score and it could flag a legitimate one as being SPAM, so you have to be willing to check your Spam folder occasionally for e-mails that shouldn’t be in there.
SPAM FILTERING PROGRAMS – If you want to get even better filtering results than your e-mail program or antivirus program, you can install a program that focuses just on spam filtering. One of the best out there is Cloudmark’s DesktopOne, http://www.cloudmarkdesktop.com/. This is a FREE download that will install a toolbar in your e-mail program that scans the e-mail as it comes in letting it go to the inbox or the SPAM folder. So what makes this different than what you already have built into your email program? Mainly the accuracy and the lack of having to train it. It’s already “learned” what most consider spam and doesn’t need you to tell it. The FREE version only allows for you to scan one e-mail account and into one folder, so if you have multiple e-mail accounts being downloaded into something like Outlook or Outlook Express, you will need to upgrade to the professional version which is only $19.95 a year.
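The scoring, strictness setting, and sender versus domain rules described above can be seen working together in a small filter. This Python sketch is an added example, not the logic of any named mail service or program; the weights, phrase list, thresholds, and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: real filters use many more signals and tuned weights.
THRESHOLDS = {"low": 9, "medium": 6, "high": 4}   # score needed to flag as spam
AD_PHRASES = ("free trial", "limited offer", "sponsored by", "act now")


def make_message(sender: str, subject: str, body: str) -> str:
    """Build a minimal raw message for the constructed samples below."""
    return f"From: {sender}\nSubject: {subject}\n\n{body}\n"


# Constructed sample messages.
SPAM_A = make_message("Deals <promo@bulkmail.example>", "ACT NOW",
                      "Limited offer on watches! Act now: http://bulkmail.example/deal")
SPAM_B = make_message("Deals <promo2@bulkmail.example>", "ACT NOW",
                      "Limited offer on watches! Act now: http://bulkmail.example/deal")
LEGIT = make_message("Alice <alice@partner.example>", "Agenda for Tuesday",
                     "Agenda attached, see you Tuesday.\n--\nSent with ExampleMail. "
                     "Sponsored by ExampleCorp, start your free trial: https://mail.example/")


def sender_address(raw: str) -> str:
    """Return the bare, lower-cased address from the From header."""
    _, address = parseaddr(message_from_string(raw).get("From", ""))
    return address.lower()


def score(raw: str) -> int:
    """2 points per advertising phrase, 2 for an all-caps subject, 1 for a link."""
    msg = message_from_string(raw)
    body = msg.get_payload().lower()
    points = 2 * sum(phrase in body for phrase in AD_PHRASES)
    if msg.get("Subject", "").isupper():
        points += 2
    if "http://" in body or "https://" in body:
        points += 1
    return points


def classify(raw: str, blocked_senders: set, blocked_domains: set, strictness: str):
    """Apply exact-sender rules, then domain rules, then the score threshold."""
    address = sender_address(raw)
    if address in blocked_senders:
        return ("spam", "sender rule")
    if address.rpartition("@")[2] in blocked_domains:
        return ("spam", "domain rule")
    points, limit = score(raw), THRESHOLDS[strictness]
    if points >= limit:
        return ("spam", f"score {points} >= {limit}")
    return ("inbox", f"score {points} < {limit}")


if __name__ == "__main__":
    senders = {"promo@bulkmail.example"}
    print(classify(SPAM_A, senders, set(), "low"))                  # exact sender match
    print(classify(SPAM_B, senders, set(), "low"))                  # altered address slips by
    print(classify(SPAM_B, senders, {"bulkmail.example"}, "low"))   # domain rule catches it
    print(classify(LEGIT, set(), set(), "medium"))                  # ad footer, still delivered
    print(classify(LEGIT, set(), set(), "high"))                    # stricter setting flags it
```

The last two calls show the trade-off the text describes: the stricter setting catches more spam but also flags a legitimate message that carries an advertising footer.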
WHAT ABOUT AT MY OFFICE?
Companies have been struggling to find a way to curb Spam for years because they know that it does nothing but slow their employees down as well as bog down their servers. It costs companies money to store those unwanted e-mails along with the good ones, so if they can find a way to prevent them from even being delivered, they would be very happy.
Well, actually, a whole industry has developed around that need, but surprisingly, a lot of companies are still not using the services. Spam Filtering Service companies provide these benefits to companies, and they do it a little differently than what we’ve talked about so far. Spam Filtering Service Companies (SFSCs) actually have their clients’ e-mail routed to their servers first, and then their servers pass the e-mails on through to the company. The SFSCs act like a “net”, catching all the unwanted spam e-mails and letting the good e-mails pass on through so their clients never see the bad ones.
So what about the questionable e-mails? The SFSCs actually send the individual users a summary e-mail stating which e-mails they are holding that they aren’t sure about, and the individual user can quickly click on a link that says ALLOW beside each e-mail they want sent. The others are simply discarded. And after a couple of times of this, the SFSC service learns what the individual considers good and bad and becomes even more accurate, not having to send the summary e-mails very often.
Depending on the service, the prices can start at $2.25 / month per user in the company, although the SFSCs usually have a minimum number of employee e-mail accounts that they need to scan to set up an account. Often the numbers can be as few as 20 employees, and with success rates of 95% and higher, that’s not a bad price for eliminating bogus e-mails.
Sources used for this article: