Blog

March 4th, 2015

Sec C 164Are you concerned about internet security? Did you know there are a few simple ways to get increased protection that require only minimal investment of time? We’re not just talking about changing your passwords regularly or installing antivirus software. There are a few other methods that are less often talked about - here are three tips to boost your internet security that you might not have thought of yet.

Embrace two-factor authentication

Also known as two-step verification, most of us have likely dealt with this at one time or another. When you’re logging onto your bank’s website or your email account from a different computer than you normally use, you’re sometimes prompted for a one-time password - sent to you via text message, email or via some other method.

Nowadays, many sites such as Facebook, Dropbox and Twitter also give you the option to use two-factor authentication each time you log in. So if you’re looking for an easy way to up your security, it can give you that extra protection without slowing you down too much.

Update browsers and devices

Did you know that dated versions of browsers, operating systems and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. And hackers are ever aware that people can be lazy - saving that update for another day that never seems to come. They’ll often try to take advantage of this, searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox.

Yes, installing an update might take 15 minutes of your time. But it can pay dividends in preventing a security breach that could cost you or your business thousands.

Use HTTPs

When was the last time you typed those letters into a browser? Probably not this decade. It’s no wonder most people are unaware of this tip. So for those who are oblivious, https is the secure version of http - hypertext transfer protocol. Believe it or not, that last “s” actually adds an extra layer of protection. It encrypts information sent, both ways, between a website’s server and you.

You’re probably thinking, adding that last “s” to http (or even typing in http in general) is a complete pain in the rear. So to make this easier you can actually install a program like “HTTPS Everywhere” that’ll automatically switch an http into an https for you. Currently “HTTPS Everywhere” is available for Firefox, Chrome and Opera.

Looking for more tips to boost your internet security? Get in touch to find out how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
February 18th, 2015

Security_Feb18_CWhatever services and systems we use to share, store or transfer personal and business information online, we want the reassurance that our data is safe and that everything possible is done to prevent it from falling into the wrong hands. But we also know that security breaches happen, as they did with the large-scale celebrity photo leaks in 2014. Since then, Apple platforms in particular have been prevalent in discussions about the security of such platforms - but Apple is now seeking to bolster its security defenses with the launch of a two-step authentication feature for the FaceTime and iMessage applications.

After the fall-out from the celebrity photo leaks, Apple extended the two-step authentication process (also known as two-step verification) to iCloud, the online storage platform at the center of the scandal. The feature was initially introduced only to the user IDs for access to Apple accounts; the motivation for the launch of that extra security measure was the hacking of a journalist’s data back in 2013. But what is two-step authentication and how does it work to protect your data?

The premise behind two-step authentication, which experts recommend all businesses implement as part of their security strategy, is actually pretty simple. Usernames and passwords are all too easily stolen by malicious parties, whether by phishing emails or a more sophisticated hacking attack. So, rather than typing just your username and password to access your account, the password is teamed up with a four-digit verification code which is newly and uniquely generated each time you attempt to access your account.

The verification code is delivered by text message (meaning that to use the two-step verification feature, you’ll need to have a cellphone to receive the SMS on). As a result, even if a hacker manages to get hold of your password, unless they also have your phone by their side then they won’t be getting into your account. This authentication method is already used by organizations around the world including banks, mobile service providers and other companies who recognize the added layer of security that it brings. And now you can give yourself the same level of protection to ensure that only you can FaceTime your family and send iMessages to your friends.

Fear not, there’s a backup plan to ensure that you can still access your accounts if you happen to forget your password or if something happens to your phone so you can longer receive authentication codes. Apple also provides you with a 14-character recovery key that will get you back in if all else fails. To enable two-step authentication for your FaceTime and iMessage applications, login to your Apple ID account, select Password and Security and then click Get Started under Two-Step Verification.

To find out more about using two-step verification and other security measures to protect your business, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
January 29th, 2015

Security_Jan28_CThink your security is taken care of with a frequent anti-virus scan? Think again. While we’ve all become used to the idea that viruses, worms and other malware - however much disruption and damage they cause to our systems - can be detected and removed thanks to the tracks they leave as they create havoc, that’s no longer something to count on. Proving the point is Poweliks, an invisible trojan horse that evades being picked up by anti-virus software. Read on to find out all you need to know about Poweliks and how to fight it.

What is Poweliks?

Security firm Symantec describes Poweliks as a trojan horse that performs malicious activities on the compromised computer. But it’s no ordinary trojan - unlike the majority, which infect your computer with malicious files, Poweliks is a silent and invisible threat that hides away in the memory registry of your system. It’s not entirely new for a virus to seek to cover its tracks by making itself "file-less" but, in contrast with Poweliks, most are wiped when you restart your computer and its memory is cleared. Worse still, Poweliks hijacks the legitimate processes and applications running on your network, inserting its code into them where it can largely evade detection.

First discovered back in August 2014, Poweliks has therefore created something of a headache for firms behind conventional security solutions like anti-virus software. Symantec and others have admittedly managed a number of updates to their protection in response to the threat posed by Poweliks. But although very minor records of the presence of the trojan are left behind by way, for instance, of registry logs, the signs of its destructive presence are much lower key than the computer world is used to, meaning Poweliks is unlikely to show up on most system scans.

Poweliks has links to Kazakhstan, the home of two servers the malware connects to once it is up and running from within your computer. The servers in Kazakhstan then send commands to the bug to tell it what to do next. In theory, this then makes way for the tool to be used to download other undesirable programs that could infect your system without your knowledge. It could equally be used to steal and disseminate data from your network.

How can I best protect myself?

As well as the anti-virus updates that have gradually been released - but which are still likely to have only a limited impact on threats of this type compared with those of the past - a number of Poweliks removal guides are now available online. Nevertheless, prevention as ever, remains better than cure. One method reported to have been employed in the distribution of the Poweliks infection is embedding it in a Microsoft Word document, which is then sent as an attachment to spam emails, and which the attackers hope your curiosity will lead you to open. Among the senders that these spam messages have masqueraded as being from are the United States Postal Service and Canada Post. Of course the best advice remains to be suspicious of any and every email attachment you open, particularly if you weren’t expecting mail or it's from someone you don’t know.

Should I be concerned?

In fact, revisiting your everyday security precautions is probably pretty good advice all round, since experts predict that this type of threat is likely to become ever more common as attackers seek to exploit the techniques of Poweliks in order for their infiltration to remain unnoticed for as long as possible. Sure enough, a number of copycat threats have already been detected by security specialists as of the start of 2015.

General awareness around web sites you choose to visit is also recommendable in particular, since others have also reported the bug making its way onto their systems thanks to so-called ‘drive-by download attacks’ - whereby simply visiting a malicious web site is enough to trigger the infection, and actively downloading a file isn’t even necessary. As a result, organizations may wish to consider more comprehensive filtering of internet access, or at the very least reactive blocking of known malicious sites, in order to prevent employees from inadvertently infecting a company network.

To find out more about IT security solutions and protecting your technology from attack, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
January 14th, 2015

Security_Jan12_CThe scale of the recent security breaches at Sony, which led to the cancellation of The Interview’s theatrical release, can make the company’s problems seem beyond the realm of the average small business. But the security mishaps that created the circumstances for the hack are as applicable to modest local and regional companies as they are to multimillion dollar corporations. These three tips will take you back to security basics and help avert your own big-screen drama.

Don’t let basic security habits slip

Our modern-day instinct tells us that the answer to potential security breaches is to install new layers of antivirus software, firewalls and further encryption systems. While these are all worthy additions to your company’s armor of security shields, they will do little to help if good old-fashioned protective habits are allowed to slide.

Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.

One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access: teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag up potential security lapses, and make sure they know that reports will be followed up and loopholes closed.

Take a flexible and agile approach to IT

IT changes, and so do the ways best suited to keeping it safe. This means it is vitally important to keep your IT systems up to date, and where necessary to do away with outdated practices that could leave your business technology exposed. This involves more than just ensuring that your network is running updated antivirus software to catch the latest bugs and worms - it means staying abreast of emerging methods to mitigate potential threats from hackers worldwide.

All of this uses staff and resources that your small business might not have - which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.

Equally, know when it is time to ditch data - think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it - in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.

Backup, backup, backup

The last thing you want in the event of a security breach is for it to hit your day-to-day operations - the potential damage caused by the hack itself is likely to give you enough to worry about. But that is exactly the situation Sony found itself in after its latest hack, with its email system down and staff forced to return to the days of pen, paper and even the fax machine.

As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.

Want to learn more about how to reduce your IT network’s vulnerability to attack? Get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 31st, 2014

security_dec24_CWhen looking into the ways companies are hacked, you quickly realize that there are so many different tactics out there that it is mind-boggling. One of the more effective methods used recently is spear phishing, and in early December 2014, a new spear phishing attack was uncovered. This threat, while directed at larger organizations, could be turned against smaller businesses as well, and is therefore worth you knowing about.

What is spear phishing?

Spear phishing is an advanced form of phishing where attackers troll the Internet for relevant information about you and then create a personalized email that is sent to you. This email is usually developed so that it appears to be coming from a friend or trusted partner and contains links to a site or program that can initiate an attack or steal information.

More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.

What is this latest spear phishing attack?

This new form of spear phishing, being carried out by an organization who calls themselves FIN4, has actually been around since as early as mid 2013. When they attack Wall Street listed companies they are doing so to steal valuable plans and insider information.

What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.

In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.

What can we do to protect our systems?

From what we know, this attack is being carried out largely against law firms, finance companies, and other large organizations. While this discounts many small businesses, there is a good chance that the attackers will turn to small businesses operating with larger companies at some point.

Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender's address, and read the body of the email carefully. While hackers generally have good English skills, they aren't fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails sent by the recipient. If the tone and style is off, then the email may be fake.

It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the recipient for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL address in your browser, if it doesn't sat HTTPS:// before the address, then it may be a good idea to avoid this.

If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 3rd, 2014

Security_Dec01_CMalware is a constant threat to a business's security. However, with many malware infections we tend to be able to learn a lot about them in a very short amount of time, which weakens the power of each attack. There is a new threat called Regin however, that is leaving many security experts baffled. Here is an overview of Regin and what it means exactly for businesses.

What exactly is Regin?

What is most interesting about Regin is that a number of security experts seem to not really fully understand it. They know that it exists, they know it is complex, and they know it is one of the most advanced pieces of malware ever created. But, they don't know what exactly it does, or where it comes from.

What we do know is that Internet security firm Symantec is credited with first bringing Regin to public attention, and that it has been around since at least 2008. So far, the company has said it is similar to the Stuxnet virus that was supposedly developed in (or by) the US and used to attack and subvert the Iranian nuclear program.

Regin is known to infect Windows-based computers and at its core is a backdoor trojan style of infection. From detected infections it is looks like the purpose of the malware is not to steal information but to gather intelligence and facilitate other types of attacks.

What makes this malware so powerful and disturbing is that it is much more advanced than other infections. Using various encryption methods it can hide itself extremely well, making it difficult to detect. It can also communicate with the hacker who deployed it in a number of different ways, thus making it a challenge to block or stop. As a result, it is far from easy to actually figure out what exactly this malware is doing and why.

Who has been infected?

According to various security experts we have been able to compile a list of companies and organizations that have been targeted to date. These include:
  • Telecommunications companies
  • Government institutions
  • Financial companies
  • Research companies
  • Individuals and companies involved in crypto-graphical and mathematical research
At the time of this article, no known attacks have been carried out against companies in the US, Canada, or the UK. The main countries targeted so far have been Russia and Saudi Arabia, along with a smaller number of infections in Malaysia, Indonesia, Ireland, and Iran. A total of 10-15 countries have been targeted since the malware was first discovered in 2008.

Is this a big deal for my company?

Just because your company is operating in a country that hasn't been affected thus far, doesn't mean that you aren't at risk of being attacked by this malware in the future. If you operate in any of the industries or sectors listed above, you could still be at risk, especially if you do business with clients in infected regions.

For now, however, it appears that Regin is only infecting larger government bodies and large companies outside of North America and much of Europe, so the chances of you being infected are relatively low. Although as with any threat, this can change at any moment.

What we recommend is that you ensure your antivirus and antimalware solutions are kept up to date and always switched on. You can rest assured that eventually experts will learn more and block this malware from infecting systems. Beyond this, working with an IT partner, like us, who can ensure that your valuable data and systems are secure, is also a good idea. The same goes with watching what you download and any emails you open. If you don't know or trust the source, don't download any program, open an attachment, or read an email connected to it.

Looking to learn more about the security of your systems? Contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 21st, 2014

Security_Nov17_CNet Neutrality is one of the biggest tech-related issues currently making its way through the American Government. In mid-November President Obama made his stance on the issue known, while also introducing a plan for it and thereby bringing the subject to worldwide attention. Here is an overview of what Net Neutrality is and how it can affect you.

What is Net Neutrality?

In order to define Net Neutrality, we should first look at the main idea behind what the Internet is: a free and open medium where individuals can express and house thoughts, ideas, and more. It was founded on one principal, and one principal alone: All information and Internet traffic MUST be treated equally.

This free, open, and fair principle is what we call Net Neutrality. In practice, this idea prevents Internet providers, and even governments, from blocking legal sites with messages they disagree with, and restricting access to services and sites that don't meet their business needs.

What exactly is the issue?

At this time, major telecommunications companies providing Internet access are trying to push legislation through the US court systems that will essentially make it legal for them to throttle Internet speeds; asking other providers to pay fees in order to speed up access to sites and to even block some sites.

There are laws currently in place, set by the FCC (Federal Communications Commission), that prohibit providers from collecting, analyzing, and manipulating user traffic. In other words, according to the FCC, the role of the Internet providers should be to simply ensure traffic and data gets from one end of the network to the other.

Last year, it was uncovered that US telecommunications giant, and Internet Service Provider, Comcast demanded that Netflix pay them millions of dollars or they would limit the Internet speed of Comcast users trying to access the streaming service. Netflix tried to negotiate but the result was that Comcast did indeed cut user speeds. Netflix paid to avoid this from happening again. This act is an obvious breach of the main tenet of Net Neutrality: Equal access for everyone.

Combine this with the January 2014 ruling that the FCC had overstepped its bounds in regards to this topic and the increased lobbying by telecommunications giants against Net Neutrality, and you can quickly come to realize that the Internet as we know it is under threat.

How will this affect my business?

If nothing is done, there is a very high chance that you will be paying higher rates for Internet-based services (because the providers will be asking other companies to pay to guarantee speedy access which will then be passed along to you via higher rates). You may even be forced to use services you don't want to use because they offer better access speeds on your network.

Beyond this, because so many businesses rely on websites and the hosting companies that enable us to access them, there is a very real risk that these hosts may have access speeds cut. This in turn could mean that it will take more time for some users to access your website and services. Think of how you react when you can't access a website, you probably just search for another similar site which loads easily - now imagine this happening to your site. In other words, you could see a decrease in overall traffic and therefore profits.

What can I do about this?

First off, we highly recommend you visit The White House's site on Net Neutrality, and read the message that President Obama has recently posted there. To sum it up, he believes that Net Neutrality should be protected and the Internet should remain open and free. He has even laid out a plan with four rules that the FCC should enact and enforce:
  • No blocking - Internet providers are not to block access to any legal content.
  • No throttling - Internet providers cannot slow or speed up access speeds based on their preferences.
  • Increased transparency - The FCC is to be more transparent and push providers to follow the Net Neutrality rules.
  • No paid prioritization - There is to be a ban on providers insisting other companies pay to have equal access speeds.
You can bet that this plan will be met by stiff resistance both in government and by the telecommunications companies themselves. The FCC is an independent organization and it is up to them to select whether or not they want to enact President Obama's plan. One thing you can do is to publicly submit your comments to the FCC via this website. Any comments made will be seen by the FCC and are are publicly viewable. In the past, enough public pressure has been able to sway FCC decisions, so share this article and the links in it with everyone you know, asking them to take action as well.

What about other countries?

For now, the Net Neutrality battle is largely US based. The vast majority of Internet traffic starts or at least passes through the US. This means that if the telecommunications providers (many of whom own international subsidiary providers) can limit access to sites in the US it could very quickly become a world issue. Beyond this, other countries often follow laws that the US enacts, so it could only be a matter of time before we see similar bills passed in other countries.

In short, this is a major issue that could see the end of the Internet as we know it. If you would like to learn more about Net Neutrality and how you can help ensure the Internet remains free and open, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 13th, 2014

Security_Nov10_CLast year saw a number of highly publicized security threats that many companies struggled to deal with. One of those was some nasty malware called Cryptolocker, which held your files for ransom. While this has now largely been dealt with, news is surfacing of a second version - called CryptoWall - that has begun to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don't pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn't go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some "improvements" to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn't paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can't be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn't go after passwords or account names, so the usual changing of your passwords won't really help. The best ways to prevent this from getting onto your systems is:
  • Don't open any suspicious attachments - Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don't open emails from unknown sources - Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don't have an account with or bills from a utilities company you don't use. Chances are high that they contain some form of malware.
Should your files be attacked and encrypted by this malware, then the first thing you should do is to contact us. We can work with you to help find a solution that will not end up in you having to pay the ransom to recover your files.

If you are looking to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then we could you your first line of tech defence.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 31st, 2014

Security_Oct27_CAny business with Internet-based systems should be taking the appropriate steps to ensure that their activities and information are secure from the ever-expanding number of online threats. This can be tough, especially for businesses who operate almost exclusively online. To help, here are five tips that can help keep your online activities safe from attacks.

1. Use two-factor authentication whenever possible

Two-factor authentication, or two-step authentication as it is also known, is the idea of using two pieces of information to log into accounts: Your usual password and a code that is usually sent to a mobile device or generated by a code generator.

By utilizing this safety feature, you can further increase the security of your accounts, largely because the chances of someone getting their hands on both the generated code and your password are slim.

Some sites don't use a code and instead ask a question that needs to be answered every time you log in. If this is the case, make the question something that is difficult for a hacker to guess. For example, use your address from 10 years ago instead of your current address.

2. Audit who has access to what data

Between all of your online accounts and social media profiles you will likely be surprised at just how much information about you can be found online. There are a multitude of scare stories online, where someone has had their accounts hacked and identity stolen, largely because they had left pertinent information online without even thinking about it.

It is a good idea to audit what information you have online. This includes looking at the contact and personal information you have on social media profiles, account information, etc. Ideally, if it is not necessary information, then it shouldn't be shared. As for social media profiles, make sure only the absolute basic personal information is online and limit who can see this information.

3. Watch what is posted on social media

Because of the nature of social media, we often feel the need to share our whole lives online. This can often lead to oversharing, and even sometimes oversharing of personal information. There are stories online of thieves monitoring social media for businesses posting about how they are going to be closed for a holiday, with all staff gone. Once a thief finds this information, they then break into the business without worrying about people being there.

If you are going to share information online, be sure to limit the potentially sensitive information that you post, especially if the content is shared with the public.

4. Change your passwords regularly

It seems like almost every week news breaks of a password or account information breach. What this translates to is the fact that your accounts are always facing a potential risk. Therefore, you should make it a habit to change your passwords on a regular basis.

Most experts recommend at least once every three months, but if there is a breach where your account information may have been leaked then naturally change your passwords straightaway.

To ensure maximum security, you should use a different password for each account, and keep these as separate as possible.

5. Work with an IT partner who can offer enhanced Internet security

Ensuring that your business is secure online can be an on-going battle that you will likely not win easily. One of the best steps to take is to work with an IT partner like us. We offer a variety of Internet security solutions that can help stop malware intrusions before they infect your systems, block access to potentially harmful sites, and even scan Internet-based email solutions. In other words, we can help improve your overall online security.

If you are looking to learn more about how we can help your business be secure online, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 9th, 2014

Security_Oct07_CWhen first announced in April of 2014, Heartbleed was one of the biggest security issues ever uncovered. Companies scrambled to patch systems and ensure they were protected from this problem. While big news, there is a recently uncovered security flaw called Shellshock which could make Heartbleed look relatively small in comparison, and it is a potential problem you should be aware of.

What exactly is Shellshock?

Shellshock is the name applied to a recently uncovered software vulnerability which could be exploited to hack and compromise untold millions of servers and machines around the world. At its heart, the Shellshock vulnerability is based on a program called Bash. This is a Unix-based command program that allows users to type actions that the computer will then execute. It can also read files called scripts that contain detailed instructions.

Bash is run in a text-based window called a shell and is the main command program used by OS X and Unix. If you have a Mac computer and want to see what Bash looks like, simply hit Command (Apple Key) + Spacebar and type in Terminal. In the text-based window that opens in Bash you can enter commands using the Bash language to get your computer to do something e.g., eject a disc, connect to a server, move a file, etc.

The problem with Bash however is that it was recently discovered that by entering a specific line of code '() { :; };)' in a command you could get a system to run any following commands. In other words, when this command is used, Bash will continue to read and execute commands that come after it. This in turn could lead to a hacker being able to gain full, yet unauthorized, access to systems without having to enter a password. If this happens, there is very little you can do about it.

Why is this such a big issue?

To be clear: Shellshock should not directly affect most Windows-based machines, instead it affects machines that use Unix and Unix-based operating systems (including OS X). So why is this so big a deal when the majority of the world uses Windows-based computers? In truth, the majority of end-users will be safe from this exploit. However, the problem lies with bigger machines like Web servers and other devices such as networking devices, and computers that have had a Bash command shell installed.

While most users have Windows-based computers, the servers that support a vast percentage of the Internet and many business systems run Unix. Combine this with the fact that many other devices like home routers, security cameras, Point of Sale systems, etc. run Unix and this is becomes a big deal.

As we stated above, hackers can gain access to systems using Bash. If for example this system happens to be a Web server where important user information is stored, and the hacker is able to use Bash to gain access and then escalate themselves to administrative status, they could steal everything. In turn this could lead to the information being released on to the Web for other hackers to purchase and subsequently use to launch other attacks - even Windows-based systems. Essentially, there are a nearly unlimited number of things a hacker can do once they have access.

If this is not dealt with, or taken seriously, we could see not only increased data breaches but also larger scale breaches. We could also see an increase in website crashes, unavailability, etc.

So what should we do?

Because Shellshock mainly affects back-end systems, there is little the majority of users can do at this time. That being said, there are many Wi-Fi routers and networks out there that do use Unix. Someone with a bit of know-how can gain access to these and execute attacks when an individual with a system using Bash tries to connect to Wi-Fi. So, it is a good idea to refrain from connecting to unsecured networks.

Also, if you haven't installed a Bash command line on your Windows-based machine your systems will probably be safe from this particular exploit. If you do have servers in your business however, or networking devices, it is worthwhile contacting us right away. The developers of Bash have released a partial fix for this problem and we can help upgrade your systems to ensure the patch has been installed properly.

This exploit, while easy to execute, will be incredibly difficult to protect systems from. That's why working with an IT partner like us can really help. Not only do we keep systems up-to-date and secure, we can also ensure that they will not be affected by issues like this. Contact us today to learn how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security