443-992-7394

Another Website Hacking Incident: What the LinkedIn & DropBox Hacks mean

First there was the infamous LinkedIn hack a few months ago. Now, another major website has been attacked, Dropbox.

“Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” said Aditya Agarwal, VP of engineering at Dropbox. “We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.”

In instances such as these, hackers breach a website to steal usernames and passwords in hopes that these login credentials work for other services, as well. If they do, these hackers harvest personal data to use in future scams.

Protecting your Information: Simple IT Security Tips

The only way to truly prevent cyber-attacks is completely avoid using the Internet, which is nearly impossible these days. There are, however, several ways in which you can make your business network more secure. These security tips include:

  • Stop Password Reuse: Do not use the same password for multiple accounts. Yes, using multiple passwords will not be as easy to remember, but it will make you much less susceptible to cyber-attack.
  • Reset your Passwords Regularly: Security experts advise people to regularly change their passwords.
  • Choose your Security Question Carefully: Don’t make it too easy for hackers to access your information. Do not use personal information or basic information that can be found on the Internet.
  • Be Careful: Only access the Internet over a secure network.
  • Keep Everything Up to Date: Keep your operating system, browser, anti-virus and other critical software up to date.
  • Outsourced IT Security Services from Working Nets: Data protection is crucial. Working Nets assures that your vital business data is available when you need it by implementing tools to protect you!

If you have any questions about Hackers, Hacking, and IT Security, please contact Working Nets by calling (443) 992-7394 or visit WorkingNets.com today!

Welcome to Working Nets – your virtual IT Department!

At Working Nets, we support your business by providing top-notch Information Technology (I.T.) services to companies like yours: Companies that don’t need full-time I.T. services, but do need someone to turn to, when they are having a problem. We provide services like Network Design, Monitoring and Maintenance. We troubleshoot technical issues when they arise, and give you options for solving them. We help you use your technology investment to achieve your business goals.

At Working Nets, our focus is on your needs!

You can also follow us on Facebook, Twitter, LinkedIn, and Google+.

Outsourced Preventative Computer & Network Maintenance Program

Productivity is crucial in any business.  For this reason, we at Working Nets have put together a preventative maintenance program to analyze your computer systems for potential problem areas to keep your business running smoothly, reducing costly downtime. And by reducing downtime, your office remains more productive, more often.

The Benefits of Working Nets’ Preventative Maintenance Program

  • Productivity: As we have already touched on, Working Nets can identify and remedy problems before they result in downtime, meaning your employees can remain productive.
  • Minimize Breakdowns: Besides keeping productivity high, preventative maintenance helps eliminate most costly breakdowns.
  • Keep Data Secure: You rely on your business information to stay profitable. So doesn’t it make sense to do whatever you can to protect your business critical information?
  • Optimize Machine Performance: Regular maintenance can help you get the most out of your machines.
  • Reduce Intrusion: Hackers can be a business’s worst nightmare. Is your network secure?

Performing proactive maintenance, by taking care of the overall health of your network,  is the most cost-effective and efficient way to prevent system problems and minimize breakdowns.

If you have any questions about Prevetative Maintenance or Outsourced IT Services, please contact Working Nets by calling (443) 992-7394 or visit WorkingNets.com today!

Welcome to Working Nets – your virtual IT Department!

At Working Nets, we support your business by providing top-notch Information Technology (I.T.) services to companies like yours: Companies that don’t need full-time I.T. services, but do need someone to turn to, when they are having a problem. We provide services like Network Design, Monitoring and Maintenance. We troubleshoot technical issues when they arise, and give you options for solving them. We help you use your technology investment to achieve your business goals.

At Working Nets, our focus is on your needs!

You can also follow us on Facebook, Twitter, LinkedIn, and Google+.

DNS Changer Virus – Fix it NOW!

Back in March, I posted an important piece about the DNSChanger Malware, and the problems it was scheduled to cause if not fixed. In the end, the date was extended to this coming Monday (July 9, 2012). But on Monday, if you have the virus, and you haven’t fixed it, you’re going to discover that you effectively have no Internet.

One thing I’d like to make perfectly clear, because there’s been some confusion about it: If you have the malware on your machine, your loss of Internet is a function of that malware – it has nothing to do with your ISP blocking anything. Your DNS is what’s blocking it.

If you’d like to check on whether you have this nasty little buggy, click over to the DNSChanger Diagnostic page – it’ll tell you.

If you are affected, fix it, if you can, today. And if you can’t, call us – or whomever you use for your support services.

DNSChanger Problems Not Over

For the past several years, one of the worst malware problems that we’ve seen has been what’s been called DNSChanger. It’s not because it’s particularly difficult to remove, although it isn’t easy. Rather, it’s because of how it compromises a user’s Internet security.

To understand what it does, we need a brief explanation of DNS. DNS stands for Domain Naming System, and it’s essentially the Internet’s phonebook. Your computer doesn’t really know what www.yahoo.com is. It might know it as  98.139.180.149. But you aren’t going to remember that. So instead, when you enter that into your browser, your computer asks the DNS system to give it the correct number, aka the IP Address. And how does it know? Well, it asks. It asks its upline, which then might ask its upline, etc. until it finds a DNS server that knows the correct address. Then the answer gets cascaded down to your machine, which then knows where to go.

But what would happen if your DNS server lied to you? What would happen if you asked for www.yahoo.com, and it came back with 173.201.243.1? Your browser address bar would still show you http://www.yahoo.com, but the actual website wouldn’t be Yahoo’s. But what if the webserver at that address was mocked up to look like Yahoo’s site? Well, now we have some real trouble, because you, as the user, would never know that you were entering your Yahoo username and password into a site that wasn’t Yahoo, and you’d be giving the owner of that fake-site your real Yahoo username and password.

And what would happen if it wasn’t Yahoo they hijacked, but Wells Fargo, Bank of America, PayPal, etc…? See the problem?

That’s what DNSChanger does… or did. Once installed on your system (and it infects both Windows and MacOS), it changes your DNS servers to ones that lie. They send you to custom-crafted websites made to look like other real sites, in order to steal your account information.

Now the good news is that the FBI and several foreign governments stopped it! Operation Ghost Click resulted in a number of arrests, and best of all, they got the fake DNS servers. And then they did a smart thing: They decided to fix those fake DNS servers, and make them real DNS servers, so that all the machines infected with it would just start working properly. Users need never know that their machines were infected, because the infection amounted to nothing.

But alas, bureaucracies can never leave a good thing alone. The German Federal Office for Information Security has decided that, on March 8, 2012, those fake-now-good DNS servers will be taken down. So now, and this is the reason I’m posting this, on March 8, many people will suddenly find themselves unable to use the Internet. If this happens to you, your machine is probably infected.

If that happens to you, you can call your local IT service company, or try to remove it yourself. Here are some links to get you started.

Expectations of Privacy

In the future, there will be no privacy. Truth is, there’s really not so much of it now, but in the future, we’ll all know it, and not be shocked or surprised when we discover that it’s been breached. Now isn’t that a cheery thought?

I don’t know if it will actually become Law, or just the understood de-facto situation, but it will happen. It will be due, in part, to “Big Government,” in all technologically-adept countries, but it will also be due in part to carelessness: on our parts (i.e. Consumers), and on the part of the companies we need to work with.

Our Part

As consumers, most of us are usually looking for the easiest path to just about anything. Whether it’s something that’s good for us, or not. We want it “easy.” That’s why we don’t fix our default FaceBook settings, unless someone posts something about how we should. It’s why we use the same username and password for every website on the Internet; why most of use passwords like, “Password” or “123456”, and why we keep even those on a piece of paper we carry around with us, or have it on a Post-It Note stuck to our monitor, or to the bottom of our keyboards (if we really want to be sneaky!), or maybe we even have it in an unencrypted text document called Passwords.txt, on our computer’s desktop.

We say we care. We even think we care. But we don’t – not really. Because “Security” is, by its nature, inversely-related to “Easy.”

The Companies We Work With

If we don’t care about our own privacy and security, why should others care? And so we have breaches at Sony, which compromised hundreds of thousands of user’s data, including usernames, passwords (which we’ve already established, we use for everything), real names, email addresses, and other bits of information. And what did people really care about? Well, the PlayStation network was down for a few weeks! They couldn’t play MegaGoryDeath VII! I don’t recall there being much out there about masses of people changing their passwords for everything.

This morning, I read Casey Halverson’s excellent piece about the Nissan Leaf’s new CarWings system. Now CarWings is intended to make things really easy for the driver, and frankly, it does a bunch of really cool things. Among those things, is an RSS reader, which enables the user to setup feeds from various websites, that it will then read to you. So you can listen to the latest CNN or FoxNews articles, while you drive. But it’s the GET request that Casey found so interesting. (An HTTP GET request is the message your computer sends to a web server, in order to request information from that site.) Usually, GET requests are formulated to provide certain information to the web server, so that the server can better provide the data to you. For example, it will usually contain the name of your browser, so that it can be used to better format the page for you. In this case, as Casey demonstrates, CarWings also includes your current latitude, longitude and speed, as well as your destination latitude and longitude, if you’ve put that into the GPS module. This information is sent in clear text across the GSM cellular data connection, to any site you point it at. At the moment, sites are probably not configured to actually use that information for anything, but in the future, it could be used to, say, enable local businesses to promote themselves to you, as you drive. Imagine driving down the highway and having the car tell you that you need to charge up the car, and that there are 3 charging stations within 5 miles of you right now, and that the Shell station at on Exit 35 has the best price today, but that the Exxon station at Exit 36 is offering a free car wash. Hey – that’s pretty cool. But now imagine getting a bill from the local police dept. because you were driving over the speed limit. Imagine a stalker knowing not only where you are, but where you’re going. Now it gets a bit more scary. And what if the rapist in the car behind you has a GSM scanner, and can discover where you’re heading. Now he can follow you at a leisurely distance, or perhaps even beat you there (think Little Red Riding Hood), instead of trying to find an opportune moment to do it.

But we like the “features” aspect of it all, so we don’t complain about these types of things – at least not loudly. And so there’s really no disincentive for manufacturers to pull this sort of thing. We just don’t care.

What can we do?

We can vote with our feet, and our keyboards. We can tell Nissan, and others, that we don’t trust them with that much personal data. That we aren’t going to buy the Leaf, even though we like the car otherwise, because we believe it’s an invasion of our privacy. We could rail, not whimper, when Sony or Best Buy or others get hacked and expose our personal data, which could have been much more protected had they taken the simple expedient of encrypting the data! Then companies wouldn’t even think of doing things like this. But as long as we just shrug our shoulders, and go on with our days, they won’t bother.

Is this what we want? Is it what we need? I guess that’s a political argument. I’m just reporting on the technology.