
Posts from April, 2014


Homeland Security Issues Warning Over Serious Internet Explorer Bug

Wednesday, April 30th, 2014

Serious Security Flaw Found in IE

A security flaw has been discovered in Microsoft Internet Explorer (IE) that affects all versions of IE from 6 to 11. This flaw potentially allows a hacker to gain access to your computer and hard drive when a bad link is clicked.

At this time, the U.S. Department of Homeland Security, as well as its UK counterparts, has advised people not to use the Internet Explorer Web browser until a fix is found for this serious security flaw. When the DHS gets involved, we know it’s serious!

Though the security flaw is targeted primarily at the defense and financial industries, it is important that everyone take the necessary precautions and not use IE until a solution is found.

“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s United States Computer Emergency Readiness Team (CERT) said in a post Monday morning.

It is recommended that users and administrators “consider employing an alternative Web browser until an official update is available.”

Microsoft confirmed it is working to fix the code that allows Internet Explorer versions 6 through 11 to be exploited by the vulnerability. As of Monday morning, no fix has been posted.

Because Microsoft discontinued all support for Windows XP on April 8th, all indications are that the flaw will NOT be fixed for the XP operating system.

 

Technical Info:

http://www.kb.cert.org/vuls/id/222929

Microsoft typically releases security patches on the first Tuesday of each month, what’s known as Patch Tuesday. The next one is Tuesday, May 6. Whether the company will release a patch for this vulnerability on or before that date is not known at present.

Computer users who are running the Windows XP operating system should permanently discontinue use of the Internet Explorer browser, and replace the XP systems with a newer OS as soon as practical.

 

 

Use IT to Increase Workplace Productivity – Get the Whitepaper!

Monday, April 21st, 2014

It is vital that Information Technology enhance workplace productivity, rather than hinder it. With proper IT systems and management in place, it is possible to accomplish your work faster and with far less risk of downtime and technology inefficiencies.

A productive IT environment also helps increase overall ROI. More reliable technology means less downtime and support costs, which can wreak havoc on a company’s bottom-line.

Download our whitepaper, Zero in on Downtime with IT Productivity, to start thinking more effectively about using IT to help your office run smoothly, more efficiently and profitably than ever before.

The white paper includes step-by-step actionable items and information about limiting business downtime and enhancing IT productivity, such as:

  • The Importance of IT Standardization
  • What to look for in an IT Advisor
  • How investing in a Disaster Recovery system can actually save you money
  • What You Need to Know About Power Protection

Find the Whitepaper here!

Critical Action Points to Protect Yourself from Heartbleed Bug Vulnerability

Friday, April 11th, 2014

We don’t want to inundate you with more background information about the Heartbleed bug (you’ve been bombarded with it across the internet and daily news since it was announced Tuesday!), but rather outline the critical takeaways and action points you should take right now to protect yourself from possible future harm.

New information is released about Heartbleed every hour, and frankly, it’s downright difficult to stay on top of the most critical news. Who exactly is at risk? Was my information compromised? Should I be concerned?

Though it is not yet known for certain if criminals have accessed private keys by taking advantage of the Heartbleed security flaw, The New York Times wrote on Wednesday, April 9th:

“In the worst-case scenario, criminal enterprises, intelligence agencies, and state-sponsored hackers have known about Heartbleed for more than two years, and have used it to systematically access almost everyone’s encrypted data. If this is true, then anyone who does anything on the Internet has likely been affected by the bug.”

This article goes on to say that “before you panic, it is worth remembering that, at this point, we don’t know how close we are to the worst-case scenario. It is possible, though improbable, that the security researchers who exposed this flaw were, in fact, the first people to find it, which would mean that it has only been known about, and exploited, for a few days.”

In other words, we really don’t know the exact extent of the damage done.

Though companies like CloudFlare have set up the Heartbleed Challenge, asking hackers around the world to try their skills at accessing the secret keys from a vulnerable site to determine if it really is possible, no one has successfully done it…yet.

We’re certain a great deal more information will be unearthed in the hours, days, and weeks that follow this article, but for now, we will outline the most important action points you should be taking now.

Critical Action Points

  • Even if you haven’t used Yahoo mail in years, it is quite possible you opened a Yahoo account at some point in the past (perhaps even forgot you had one) and that your login information may be the same or similar to your login information on other websites. It is imperative you change your Yahoo password and then change any passwords on other sites that are the same or similar to your Yahoo password! This is especially important if a site might use your Yahoo mail address for your account’s login name or password recovery. Hackers frequently try known passwords for email addresses at a bunch of sites to try to penetrate even just one of them, which is why changing your login credentials is absolutely critical.
  • We advise changing passwords of ANY site having your personal or financial information, and due to the practice mentioned above, it’s necessary to have them all be different from each other. Yes, this is a massive pain in the you know what, but it’s best to take these precautions just in case.
  • Half a million widely trusted sites were vulnerable to the Heartbleed bug. Test if a site you are using is vulnerable here: Heartbleed Site Checker. If you use the Chrome browser, there is a plugin that will alert the user if a site they are visiting is vulnerable to the bug. Follow this link to install the Chromebleed checker. If the plugin alerts you to a site that is still vulnerable, we recommend not logging in to that site until they have patched their servers.

However, just because a site is not vulnerable NOW, doesn’t mean it wasn’t vulnerable at some time in the past 2 years!

This is why we recommend changing your passwords everywhere – you can never be too careful!

Most large online websites have already taken the relevant steps to protect their users, but smaller sites will take a bit longer to get this going.

 


UPDATE:

Nine hours into the CloudFlare Heartbleed challenge, the first secret key was brought forward. Several other challengers were able to access the key soon after, proving an attacker can in fact access a key from a vulnerable server.

The Heartbleed vulnerability is a very real threat to our identities and private information – this is even more reason to follow our Critical Action Points above.

 

R.I.P. Windows XP. Current Users Now at Greater Cyber Risk

Tuesday, April 8th, 2014

Microsoft Corporation has just announced it will stop supporting Windows XP, one of the world’s most popular and successful operating systems.

Though Windows XP will not magically disappear from the desktops of anyone currently using it (which is a LOT of people!), Microsoft will stop supporting it. This means no more updates and patches. Microsoft has stated that “technical assistance for Windows XP is no longer available, including automatic updates that help protect your PC.”

If you are currently running Windows XP, please read on. This is extremely important!

We know you don’t want to hear this, but it is time to replace every single XP machine attached to your home or office network.  

Since Microsoft will not be releasing any more security patches, XP is likely to become an easy route for hackers and virus writers to infiltrate your organization. It is therefore imperative that anyone still using Windows XP change over to a fully supported OS as soon as possible to limit cyber-security risk.

PC World’s Windows XP “Obituary” points out that “in March…27.7 percent of all desktop PCs tracked by NetApplications ran Windows XP.”  This is a staggering number of current XP users that are now at greater risk for cyber attack.

Don’t wait until it’s too late!

 


Please let us know if we can help walk you through this process and as always, contact us at MPA with any questions.

 


 

Beware Email Spoofing! Protect Yourself Now!

Friday, April 4th, 2014


We have recently seen a rise in a disturbing phishing scam called email spoofing.

Email Spoofing

A spoof email is an email that looks as if it came from a trusted friend or acquaintance, but is actually malicious in nature. These emails are particularly nasty because they really look like they are coming from a friend – they may even include an email signature that looks completely legitimate.

However, upon closer examination you will notice that the name and email address do not match. These criminals aren’t hacking into email accounts to send emails from a legitimate address, but are spamming with phony emails meant to look like they’re coming from a trusted source. These emails will always ask the reader to open a link using some kind of vague question or command like “have you seen this?” or “please click this link.” DON’T CLICK! Clicking the link is what exposes your computer to a ransomware virus or other malware.

How are these criminals accessing our information?

So what’s behind this email spoofing madness and how are these criminals accessing your email address and your friends’ information?


Very simple – Facebook.

Yep, the social media giant suffered an attack last year that compromised user data, exposing users’ email addresses and information from their Friend Lists. Facebook plugged the hole, issuing this statement:

“Recently, we discovered a single isolated campaign that was using compromised e-mail accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site. We have since enhanced our scraping protections to protect against this and other similar attacks and will continue to investigate this case further.”

Of course, the damage had already been done and we are still seeing the effects of it today. Spammers still have access to information scraped previously and are continuing to send these phony emails. And they will continue to do so as long as people fall for them, which is quite regularly.

This can and will happen again

Do not think of this as only one, isolated incident that will never happen again. There are indications this is happening or can happen on other social media sites. Hacking social media is extremely profitable for criminals because it allows them to access peoples’ email addresses and the list of people they communicate with most often. This is extremely valuable information if you want someone to open a malicious email.

The Facebook data breach information will be used by hackers for years. This is particularly scary because one’s email address and friends rarely change while the sophistication of attacks improves.

Be on your guard!

If you receive an email from a friend or acquaintance but something seems fishy, it most definitely is. Vague or strange questions and an unknown link should all tip you off that it is a phishing email. However, as these attacks increase in sophistication, these tip-offs may not be so obvious. Hackers will hone their messaging to make an email look as legitimate as humanly possible. A good bet is to always scrutinize the “Reply to” email address. If it doesn’t match the sender’s name, delete the email immediately.
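The two header checks described in this post (a familiar name paired with an unfamiliar address, and a “Reply to” address that does not match the sender) can be automated for a mail filter or a help desk triage script. The following is an added example, not code from MPA; the sample messages, the address book and the function name `spoof_indicators` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all names and addresses are made up.
SPOOFED = """From: "Pat Friend" <x9k2@mailer.example.net>
Reply-To: collect@other.example.org
To: you@example.com
Subject: have you seen this?

please click this link
"""

LEGIT = """From: "Pat Friend" <pat.friend@example.com>
To: you@example.com
Subject: lunch on Friday?

Are you free at noon?
"""

# Hypothetical address book: display name (lowercase) -> the address you know is theirs.
KNOWN_CONTACTS = {"pat friend": "pat.friend@example.com"}

def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_indicators(raw_message, known_contacts):
    """Return the reasons a message's sender headers look spoofed (empty list if none)."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # Check 1: the display name is a known contact, but the address is not theirs.
    expected = known_contacts.get(name.strip().lower())
    if expected and expected.lower() != from_addr.lower():
        reasons.append("name matches a known contact, address does not")
    # Check 2: replies would go to a different domain than the stated sender.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        reasons.append("Reply-To domain differs from From domain")
    return reasons

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoof_indicators(raw, KNOWN_CONTACTS))
```

Both headers are set by whoever sends the message, so an empty result only means these two tip-offs are absent, not that the message is genuine.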

Be vigilant, and as always, please contact us here at MPA if you have any questions regarding this issue.

Happy 31st Birthday, MPA Networks!

Tuesday, April 1st, 2014

We are incredibly proud to launch into our 32nd year of business today! Thank you to our clients and wonderful team for making MPA Networks all it is today. “Without an amazing team, this simply does not happen,” says Michael Price, CEO.

MPA 30 Yr Timeline

Please take a look at our 30-year Anniversary timeline for more information about Michael, the company, and how MPA achieved this great milestone (It’s a fascinating read – we promise!). Just click the image to the left.

We look forward to delivering best-in-class IT services and serving our amazing clientele throughout the San Francisco Bay Area for many years to come!

 

 

As always, be IT-Strong!

 
