Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!

XP – Is it safe to use?

by Leave a Comment

XP UpgradeDear Geek,

I am an older adult that is stuck in my ways.  My computer is on XP.  My neighbour told me that I have to upgrade to a newer “OS” (?).  I don’t want to have to learn a new program.  All I use my computer for is emails, internet banking, and playing a couple of games.  Do I really need to upgrade?

Sincerely,

Can’t Teach An Old Dog New Tricks

Dear Old Dog,

I completely understand not wanting to learn a new program.  That is not exclusive to older adults – most people don’t want to learn a new program, and resist until they absolutely have to.  Unfortunately this is one of those times.  In order for me to tell you why you need to upgrade, I need to give you some background information:

OS’ refers to ‘Operating System‘.  This is software that manages computer hardware and software resources, and provides common services for computer programs.  Other software programs usually require an OS to be able to run on your computer.  Most times, an OSs ‘bugs’ or security issues are not discovered until the OS is in use by the general population.

OS manufacturers release ‘patches‘ to fix these ‘bugs’, which are released to users in the form of ‘updates‘.  A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it.  This includes fixing security vulnerabilities and other bugs, improving the usability or performance.  Generally, updates are released on Tuesdays.

OS system updates often address security vulnerabilities that have been discovered or not previously disclosed.  If OS system updates are not installed in a timely manner it can lead to unauthorized access to your computer, theft of personal, confidential, or Protected Health Information, or the destruction of information, files, or pictures that are on your computer.  Your computer should be set up to receive automatic updates, and should notify you when new updates are available and ready for downloading and/or installing.  When the installation is completed, the computer may require you to ‘restart’ your computer to activate the newly installed updates.

OS support (patches and updates released by the manufacturer) is available for 5 years after their GA (general availability) dates, as a general rule.  After those 5 years, the manufacturer no longer releases patches/updates for that OS, which leaves it vulnerable for hackers to access your computer.

To find a Microsoft Product’s end-of-support date, use the Microsoft Product Lifecycle Search page  to get the official answer.  Enter the name of the OS, and click ‘Search’.  You will get back a table that shows the general availability date, the retirement dates for mainstream and extended support, and retirement dates for service packs (which don’t follow the general rules of support).

Here’s the search result for Windows XP:

 

xp-support-lifecycle

 

 

 

 

 

 

The date that matters most on this chart, is the one circled in red – April 8, 2014.  This is when support ended for Windows XP.

What this means to you:  Your computer, and everything it contains including your emails, internet banking information, and any pictures or other personal information you may have, is vulnerable to being accessed by computer hackers.  So, long-story-short:  yes, you need to upgrade…immediately.  If you think your computer is too “small potatoes” for hackers, think again.  It’s actually very easy for a hacker to hack into a computer that is vulnerable, like yours.  Any low-level, low-skill hacker (ie the teenager down the street) can hack into a computer such as yours…and will.

I suggest you upgrade your OS immediately.  If you can’t afford to upgrade your computer, keep all personal information off of it – emails, banking information, etc etc, and keep your computer strictly for playing solitaire.  I know, this makes your computer a very large paperweight.  Another option:  sometimes, you can get a refurbished computer for much cheaper than a brand-new one.  This would most likely not be available from any of the big-box stores – they want to sell you the newest computer out there.  Judging from your general use, you don’t need a high-powered super fast computer (that would be more suited to playing the new computer games with lots of graphics).  Just a reliable, and up-to-date one.

Need a new computer, or upgrade your old one?

Call Technology by Design at 1-204-800-3166  www.itthatworks.ca.

We don’t sell you what we want – We sell you what you NEED.

  We’ll tell you what you need, based on use and budget.  Then, we’ll tell you if your old computer is worth upgrading, or if you should invest in a newer computer.

DOUBLE-ALERT: 2015 Top I.T. Security Predictions, and…3 Scams To Watch For In 2015

by Leave a Comment

2014 has been a year chock-full of Malware, Spear-Phishing, and Viruses, and the infamous CryptoLocker (and the following variations).
Green Eggs and Scams
2014 has also been a rude awakening for some companies regarding I.T. security.

Mike Rogers, chairman of the House Permanent Select Committee on Intelligence noted in the WSJ Dec 25, 2014:

“In 10 years on the House Intelligence Committee I’ve watched a range of national security threats grow and evolve, but none as quickly as cyberwarfare.”

Mike mentions 2 recent examples, the Sony hack and the recent FIN4 gang who hacked into 100 public companies to grab insider information so they could manipulate the stock market.  He predicts more of this to come, and urges congress to expand the private-sector’s access to government-classified cyberthreat intelligence.

Shawn Henry, president of cybersecurity firm CrowdStrike Services and a former executive assistant director of the FBI said:  “It’s going to take some attacks much greater than what we’re seeing at Sony to allow the public to change course and say, ‘OK, we get it. We recognize how dangerous this is.'”

Here at Technology by Design, we hope you see how serious and important I.T. Security is, before it’s too late.

 

Top 10

 

 

2015 Top 10 I.T. Security Predictions:
  1. The Sony hack is claimed to be a harbinger for more nation-state attacks on private sector organizations.  Expect a major energy blackout with the press calling it a successful cyber attack on a U.S. energy infrastructure company and blaming Iran, DPRK, China, or Russia, but it turns out to be “rats and squirrels, gnawing on electrical cables.”
  2. State-sponsored, APT hacking groups will start to merge/cooperate/subcontract with criminal hacking campaigns like those targeting JP Morgan Chase to perform spying activities, steal IP and/or gather intelligence about vulnerabilities in critical infrastructure systems for these foreign governments.
  3. The Financial- and Defense Industry have doubled their I.T. security budgets in 2014, and during 2015 several other sectors will follow their example, specifically Technology, Healthcare, Manufacturing, and Government.
  4. Breach detection tools are now making their way into the enterprise, but correctly responding to a data breach is still very hard.  Often CEOs will buy the tools, but not the people to run them.  Count on a Sony-like chaos-and-panic response from a major healthcare organization driving it out of business.
  5. With the event of renewed interest in mobile payment, cybercrime’s attention will get focused on this lucrative combo of “mobile & money”.  It’s predicted that Apple Pay will be compromised somehow in 2015, and that a new Apple-specific ransomware will spread via phishing attacks on iPhones, targeting cloud accounts.
  6. 2015 will be the year that trust in effective protection by just antivirus is mostly lost, and additional layers like software whitelisting and breach detection are going mainstream.
  7. We have not seen the end of POS attacks, but since retailers are going to harden the POS endpoints, cyberheists will move to “middle layer” targets which means payment processors and third-party POS management infrastructure.  When “chip-and-pin” finally rolls out, big breaches will finally taper off.
  8. One of the major companies that was infected in 2014 will not move fast enough to shore up their security infrastructure, and will get reinfected in 2015, resulting in again losing millions of credit cards.  Consumers will have gone into deep breach-fatigue and dismiss the risk.
  9. Board Rooms will realize that “culture trumps compliance” and start top-down security culture initiatives, assisted by technology-driven ethics and compliance programs, which include mandatory security awareness training for all employees.
  10. 2014 saw a 650% increase in social media spam and 99% of these malicious URLs led to malware or phishing sites.  Expect this to grow another 400% in the next 12 months.

 

As I’ve said before, cybercriminals don’t take holidays.  Instead, they use holidays and disasters to work overtime to try to catch you while your guard is down.
3 Scams To Watch For:

AirAsia

1.  Phishing emails and Facebook messages claiming that the missing AirAsia Flight QZ8501 has been found..   The message includes a teaser image of a crashed AirAsia jet and invite users to click a “Play” button to view “breaking news footage”.  Do NOT click on the link – it will fill your pc with malware.

Apple Watch 2.  Apple Watch scams.  The new Apple Watch will be incredibly popular and be used for a variety of scams that try to infect workstations with malware.  There will be lotteries, giveaways, “Free Apple Watch” contests, and promises that if you buy something, you will get an Apple Watch thrown in the deal at no cost.  Remember:  If a deal sounds too good to be true…IT IS!

The Interview 3.  Anything related to “The Interview”.  Cybercriminals have now created an app that researchers at McAfee identified started in South Korea in the last few days, attempting to exploit the media frenzy related to “The Interview” movie.  There is a torrent download, and it poses as an Android App to download the movie to mobile devices.  It’s a banking Trojan.  Be careful not to download anything related to “The Interview” unless you are 100% sure it comes from a legit source.  And if you really want to see the movie, go to that website yourself, do not click on any link in an email promising to play the movie.

 

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

Sony Hack, and What We Can Learn From It

by Leave a Comment

SonyUnless you live under a very large rock, you’ve heard about the hack at Sony, and the fallout that occurred afterwards.  

As with everything, there are lessons that are to be learned from the security breach.  
Lessons that even small businesses can learn from Sony’s mistakes…

 

In IT security, there are 2 types of attacks:  opportunistic and targeted.  

There are 2 ways to assess hackers:  skill and focus.  

Using this assessment, there are 3 levels of hackers:

  1. Hackers using point-and-click hacking tools are low-skill and low-focus.  They grab what they can if the low-hanging fruit (ie the no IT security) is available.
  2. Hackers that have high-skill, but low-focus are the causes of the high-profile attacks we read about in the newspaper regularly (Target, Home Depot, JP Morgan Chase, and now Staples).
  3. Sony is a good example of high-skilled and high-focus hackers.  A large hacking team from (allegedly) the Democratic People’s Republic of (North) Korea (DPRK) hacked into Sony and, for all intensive purposes, shut them down.  Sony didn’t make the hackers’ job too hard, by using third-rate security.

Assuming it wasn’t an inside-job, there are 3 ways the Sony hackers could have gotten in:  Mis-configured servers that allowed unauthorized access; Software vulnerabilities, either known holes or unknown zero-days; or Social engineering untrained employees that simply allow the hackers in by clicking on a spear-phishing link.

What are the lessons that can be learned, and used, by other businesses?

1.  If you are the target of a high-skilled, high-focus attack, you can count on them getting inside.  Your focus should be on defending the most important of your data, and make sure it does not get exfiltrated (stolen).  The fact that Sony did not notice terabytes of data leaving their network is an example of third-rate security.  

Lesson:  Use ecryption and breach detection tools.

2.  If you handle a lot of credit cards, Russian cybercriminals has you in their cross-hairs, but with a million other businesses.  This type of hacker is in it for the cash, and their time is money – if they encounter proper security, they will move to a weaker target.  If Home Depot would have upgraded their POS system in time from XP to Windows 7, their systems would not have had the security holes, and they wouldn’t have been hacked.  Good security, and up-to-date software, makes the hackers’ jobs a lot harder, more expensive, and more risky for them.  

Lesson:  Create enough IT security budget to give your IT security team (or person) the time and tools to implement security best practices.  Make sure the software you are using is up-to-date, and security patches that are released regularly by the software company, are being installed.

3.  As evidenced by the high-profile cases of Home Depot, etc., a lot of businesses do not look at their IT security until after they have been hacked.  The time to start thinking of IT security is BEFORE the attack, and be prepared.  IT security is really 3 things:  Protection, Detection, and Response.  

Lesson:  “You need prevention to defend against low-focus attacks, and to make targeted attacks harder.  You need detection to spot the attackers who inevitably get through.  And you need response to minimize the damage, restore security, and manage fallout.”

Think your business is too small to worry about security?  

The fact is, it’s not very hard to hack into a computer system that has little or no security.  

Think about the fallout if your computer system got hacked.  What information would you lose:  pictures, personal information, banking information, financial information…and now the REALLY scary stuff…customers’ personal information, customers’ financial information, customers’ credit card information.  

Not to mention the difficulty in retrieving that information, and putting your computer system back together, think about the legal ramifications and business lost.

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

Computer Running Slow

by Leave a Comment

Slow Computer

 

Why is my computer running slower than usual?

 

 

 

If your computer usually runs at an ok speed, and has only recently started to run slowly, there are a few reasons that could cause this:

  1. Surfing the internet.  Sometimes, if you’ve spent some time on numerous websites, your computer “saves” these websites and information packets (called “cookies”) which your computer uses to move from page to page & site to site on the internet.  The fix:  Delete all the “cookies” in your computer’s temporary memory.  If you don’t know how to do this, do not attempt it.  You could delete the wrong files, and cause a major catastrophe.  Get someone that knows what to do, and get them to show you how.  If you hire someone to do it, and they won’t show you, get a new computer person.  Any IT person worth keeping, will show you how to do this, because it’s an easy fix, and not really worth their time to be called out to do it.  Anybody not willing to show you how to do it, is likely pretending it takes more time than it really does, and is overcharging you.
  2. Not enough memory.  If you’re running a lot of programs, your computer may be struggling to run all the programs, and having a hard time with it.  The Fix:  Either install more memory, or reduce the number of programs you are running on your computer.
  3. Spyware and Malware.  This is the fastest growing threat to computers today.  Spyware can use your computer to send out spam emails and pop-up advertisements on your computer.  If you have a server, it can actually use your server as their server.  Some spyware (keyloggers) will even record your usernames, passwords, and web activity, then send them anonymously to someone who may steal your identity, read your email, or even log into your bank’s online website to steal your cash!  The fix:  Get your computer cleaned out ASAP!  Do not attempt to do it yourself if you do not know how to do it.  The longer it stays on your computer/server, the more it can take over your computer, the more spam emails it can send to your contacts, and the more information it can steal!
  4. Hard Drive Failure.  If your hard drive is failing, it will cause slowness and, in severe cases, freezes or “blue screens”.  The Fix:  If your computer is showing these symptoms – Backup your data ASAP! Then get your IT person to install a new hard drive.  If you are not able to backup your data, sometimes an IT person can retrieve some of your data from your old hard drive, but not always.

Need computer help ASAP?  

Technology by Design can usually fix your computer remotely, which means you don’t lose your computer while it’s “at the shop”.

Call us at 204-800-3166!

ALERT: Bogus News Stories

by Leave a Comment

Hoax News2014 has been a year full of hoax stories, malware, and cybercrime.  It’s also seen a boom in hoax new stories, as these are extremely successful social engineering tactics used by hackers to get people to click on links, and worse, share the news with their friends and become part of the spread of infection.

At the moment, there is a spike in hoax stories that spread malware and infect your phone and computer.  Cyber-criminals use all the tricks in their black book to get you to click on and share hoax stories with your friends.  This happens on Facebook, popular websites, they are sent straight into your inbox, and even major news outlets are sharing them unknowingly.

Be on the lookout for these 5 hoaxes:
  1. Stories that urge you to share something before you have even read them.
  2. Celebrity deaths are increasingly being used to shock people into clicking on links and making a zombie out of their PC or lock their smartphone with ransomware.  Recent example:  Will Smith.
  3. Very violent video news reports that draw your attention with “Warning:  Graphic Content”, and lurid titles like “Giant Snake Swallows Zookeeper”.
  4. Outrageous stories about Facebook itself, like it will start charging for the service, it sells your personal information, a way to show you who looked at your page, or other claims that might upset your and lure you to click on a link.
  5. And last, especially in this season of charity, heartrending reports about dying girls that beg you for “likes” so they can obtain drugs or hospital treatment.

Cybercrime is moving to mobile malware with astonishing speed, so be especially careful clicking/tapping on suspicious things on your smartphone.  Anything you received, but didn’t ask for, watch out because your phone may get locked with mobile ransomware.

Call for a FREE Network Security Analysis!

Already infected?  We’ll exterminate & get you bug-free for the holidays!

1-204-800-3166

We Make I.T. Work!

ALERT: Fined For Unpatched Software

by Leave a Comment

HIPAA Fine

ALERT:  Fined for Unpatched Software

Anchorage Community Mental Health Services (ACMHS) was recently hit with a $150,000 fine for failing to apply software patches.  

ADMHS is a five-facility, non-for-profit organization providing behavioral healthcare services to children, adults, and families.

This HIPAA settlement in the Alaska case marks the 1st time The Department of Health and Human Services’ Office for Civil Rights has levied a penalty tied to unpatched software, which is not specifically addressed in the HIPAA Security Rule.  The OCR opened an investigation after receiving notification from ACMHS regarding a breach of unsecured electronic protected health information (ePHI) affecting 2,743 individuals due to malware compromising the security of the mental health provider’s information technology resources.

OCR’s investigation revealed that ACMHS had adopted sample HIPAA Security Rule policies and procedures in 2005, but these were not followed.  The security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating software with available patches and running outdated, unsupported software, OCR says.

“ACMHS failed to implement technical security measures to guard against unauthorized access to e-PHI that is transmitted over an electronic communications network by failing to ensure that firewalls were in place with threat identification monitoring of inbound and outbound traffic and that information technology resources were both supported and regularly updated with available patches,” says the OCR resolution agreement with ACMHS.

In addition, OCR says that contributing to the incident was ACMHS’ failure to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of e-PHI.

OCR Director Jocelyn Samuels states:

 “Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis.  This includes reviewing systems for unpatched vulnerabilites and unsupported software that can leave patient information susceptible to malware and other risks.”

Independent HIPAA and healthcare attorney Susan A. Miller states:

“This is a wake up call that people should be looking very closely at the security risk assessment tools available from ONC and OCR, as well as NIST [National Institute of Standards and Technology].”

“The lesson here is that when a software patch or update is sent by a vendor, they should be applied immediately,” Miller adds.  “That includes operating systems, electronic health records, practice management – and any electronic tool containing PHI.”

Our personalized Monthly Service Plans make sure your patches are up-to-date, and your system is safe and secure!

Call us for a Network Security Analysis!

1-204-800-3166

We Make I.T. Work!

 

 

Putting a Stop To AutoPlay Ads

by Leave a Comment

Dear Geek,

I am tired of the constant autoplay ads that are on every webpage I visit.  Is there a way to stop them?

Signed,

AutoPlayed Out

Stop AutoPlayDear AutoPlayed,

Lately, there has been a rapid increase in websites that host autoplaying video advertisements.  This can be really annoying.  There is a way to put a stop to it.  However, before you consider disabling autoplaying video on websites that you frequent.  There is a good chance that this is the main source of income, and is what ultimately funds the production of the content you wish to view/read.  So, if you disable autoplaying ads, make sure you support your favorite website some other way, or run the risk of losing the website due to not enough funding.

Now, to disabling autoplay ads.  Depending on whether you’re running Chrome, Firefox, or Internet Explorer, there are different steps to each.

Fig 1

 

 

How To Stop AutoPlaying Ads, Videos, and Media in Chrome:

  1. Type “chrome://chrome/settings/content” into the URL bar.
  2. Scroll down to the plug-in section, and select “Click to Play”.

 

 

 

Fig 2

 

 

How to Stop AutoPlaying Ads, Videos and Media in Firefox:

  1. Type “about:config” into the URL bar.
  2. Accept the warning.
  3. Enter “plugins.click_to_play” into the search box, and toggling the settings.

However, there was limited success with the steps above.

 

 

Fig 3

 

If this didn’t work for you, try downloading the add-on Flash Block:

  1. Type into Google search “Flash Block Firefox”.
  2. Install/enable the add-on. **Make sure you download from a reputable source. **
  3. Restart Firefox.

All Flash content will now be on “click to play”, until you disable or remove the add-0n.

 

 

Fig 4

 

How To Stop AutoPlaying Ads, Videos, and Media in Internet Explorer:

  1. Go to “Tools, Safety”
  2. Click on the “ActiveX Filtering option.  This will put a check mark next to the option, indicating that the filtering option is enabled.

 

 

 

Email your questions for our Resident Geek to:  geek@tbyd.ca.

 

Computer problems got you grinched?  

Call Technology by Design at 204-800-3166.  

We’ll put the sparkle in your stocking again!

 

We Make I.T. Work!

ALERT: New Ransomeware Strain: VirRansom

by Leave a Comment

In many a budget meeting, the idea is thrown around “do we REALLY need IT?”  Well, if this article doesn’t convince you that I.T. is invaluable, nothing will…

 

There is a new Ransomware strain out there:

A true self-replicating parasitic virus called

VirRansom!

VirRansom

As the name implies, it is a hybrid.  
It combines CyptoWall-like functionality, with active self-replicating virus infections of all files it can find, with the cybercrime Reveton family of malware’s locking of the PC’s main screen.  
Oh yea, it also demands 0.619 Bitcoin to let you back in.  Ouch.

SophosLabs states:

Worms vs. Parasitics:  Most worms leave you with one, or perhaps a handful, of infected files that weren’t there before and need to be deleted.

Parasitic viruses, in contrast, may leave you with hundreds, or thousands, or more, of infected files on each computer.  If you leave even one of those infected files behind after a clean-up, the infection will start up all over again.

Worse still, the infected files can’t just be deleted, because they are your own files that were there before the infection started.  That makes cleanup even trickier.

Before you go into full-fledged panic mode, there is good and bad news with this virus.  
You seem like you could use some good news at this point…

 

The Good News:  

The file encryption is not as advanced as CryptoWall, as they key to decrypt the files is contained in the malware itself.  Your antivirus should soon be able to decrypt the files and restore them (hint:  keep up with updates!), unless the bad guys are constantly changing the encryption keys.  In which case, it may take a day or more before your antivirus catches up.

The Bad News:

This is a full-fledged virus.  It will spread across your network, and doing a less-than-perfect job on the disinfection can easily lead to reinfection of your whole network.

CryptoWall-encrypted files that you can’t or don’t decrypt are harmless garbage forever, but you can delete them.  

With VirRansom, files that you don’t decrypt are still recoverable, but also still actively infectious.

It gets even nastier:  You can expect a VirRansom 2.0 soon, where they might implement “new features” such as:

  • industrial-strength encryption like Crypt0Wall where you only get the decryption keys after payment
  • infection of your email server, where emails are converted to a worm for maximum dissemination of their malcode.  (Think of the legal ramifications this may have on your business!)
You can mitigate these types of threats through both technical measures, and enforcing your company’s computer use policy.

 

Some technical measures:
  • The 1st thing you need to do is test the Restore function of your backups, and make sure it works.  And have a full set of backups offsite.
  • Start thinking about asynchronous real-time backups, so you can restore data files with a few mouse clicks.
  • Get rid of mapped drives and use UNC links for shared folders.
  • Whitelisting software, which only allows known-good executables to run, starts to look more attractive, as more and more of these viruses/malware surface.
Looking at the security policy angle, it’s time to actually enforce best practices:
  1. Implement (and enforce) an “Internet Acceptable Use Policy or IAUP”.  This informs your employees what is (and isn’t) acceptable for use of their work computers while utilizing the internet.  They sign this document stating that they will use work computers within the parameters that are set out in the IAUP.
  2. Prevent these types of infections to begin with, through effective Security Awareness Training.  The infection vector (think “patient zero”) is your end user (ie. anyone in your company that uses a computer at any time) opening up an attachment or clicking on a link.  Employees need to be not only informed, but trained on computer security.  Call this your “Human Firewall”.

 

Get a Network Security Analysis:  Find out just how vulnerable your computer network is!

Already infected?  

Technology by Design exterminates the bugs, and those nasty viruses!

1-204-800-3166 

We Make I.T. Work!

Password: 123456

by Leave a Comment

Password

With all the cyber-attacks lately, we receive one question more than any other:  

How can I protect my computer/network?

 

The most common (AND most important!) answer:  password…password…password.  This is the easiest of all the tasks you could do to protect your computer/network and information.  BUT it’s the task that a lot of people don’t place a lot of importance on.

Look at your password as the keys to your “kingdom” (your computer/network).  If you had 1 key that opened everything (and I mean EVERYTHING), from personal data, pictures, financial information, emails, credit card information, etc, would you trust it with a lock you could pick with a ballpoint pen?  Need a visual?  Think of a bathroom lock – my siblings and I have been picking those locks since we were 6-years old.  Now think of your password as that ballpoint pen.  An item that is commonly found in almost every room in every house.  Do you want your key to be that easily found?  That is how simple a lot of passwords are.  Some people even use the default passwords (see ALERT posted Dec. 8, 2014).

The top 25 common passwords of 2013:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

If any of your passwords are on that list:  Change It Now!  This list means these are the go-to passwords that hackers will try 1st.  If your password is even remotely close to any of the ones on the list:  Change It Now!  Just because you add a 1 or 0 or s to the passwords, doesn’t make it any more difficult to guess.

The best passwords to use:  a mixture of letters, numbers, and symbols.  Unfortunately for you, the best password to use, is usually the hardest to remember.  But think of it this way – if it’s easy for you to remember, it’s easy for a hacker to guess.  A good trick:  using numbers for substitutes for letters.  Scuba becomes 5cu8a or $cu8a; water becomes w4t3r or w@t3r; icecream becomes 1c3cr34m or 1(3(r34m.

Also a good rule of thumb – use a different password for every site/application.  Do Not use the same password for your online banking as you use for all your online shopping sites.  Avoid predictable passwords

Trouble remembering all the different passwords?  Check out https://www.passwordbox.com/.  It’s a free password manager, which was so good, that Intel bought the company.  So far it’s still free.

Or, you could check out a ECG-authenticating wristband, Nymi, which uses your own heart rhythm as an authenticator for everything from accessing email to unlocking cell phones and other gadgets.  They are size adjustable, and come in 3 colours.  You can reserve yours on their website for $79 until Dec. 31, 2014.

Need help with passwords?  Computer already infected/hacked?  

Call Technology by Design at 204-800-3166.

 

ALERT: Security Camera Warning!

by Leave a Comment

Insecam

If you have security cameras watching over your business, home, or baby (via baby monitor camera) – this ALERT is for you!  

Your cameras have a password protecting it?  

Think again!

 

 

To start at the beginning…

Security cameras come loaded with pre-set usernames and passwords.  A lot of people do not change the pre-set usernames and passwords on the cameras, and leave the cameras set with the username and passwords they came with.  The “default” usernames and passwords.

A website calledInsecamhas been found, which indexed 73,011 locations with unsecured security cameras (meaning cameras that have not changed from their pre-set usernames and passwords), in 256 different countries.  The site, which has an IP address from Russia, is further broken down into insecure security cameras by manufacturer.  Specifically:  Foscam, Linksys, Panasonic, some listed only as “IP cameras”.  DVRs such as AvTech and Hikvision were also listed.  Each link could have up to 8 or 16 channels available (meaning that’s how many security camera views were displayed on one page).

You can choose to view cameras by country.  There are 40,746 pages of unsecured cameras, just in the 1st 10 countries.  The U.S. had the highest number of links available at 11,046.  There are 6536 in South Korea, 4770 in china, 3359 in Mexico, 3285 in France, 2,870 in Italy; 2422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India.  Like the site boasts, you can see “into the bedrooms of all countries of the world.”

Links available view into businesses, stores, malls, warehouses, parking lots, hotels, hotel pools, baby cribs, bedrooms, living rooms, and kitchens.  Recently the cameras viewed even showed the addresses and GoogleMap location, however when I checked the site again, this was removed.

The website claims that the purpose of the site was to “show the importance of settings and changing the security settings on internet cameras.  They claim that they have removed “all automatically collected cameras from the site” and that only filtered cameras are available now, so that “none of the cameras on Insecam invade anybody’s private life”.   Insecam states they have “also removed all cameras that still use default password settings.”  They state they only provide links to “public cameras without password protection at all”.

Insecam isn’t without conscience, and will remove any camera “upon e-mail complaint.”  With an email and a direct link to “help facilitate the prompt removal”, they will remove the link to the camera.  They also state that if you don’t want to email them, you can simply remove your camera by changing your password from the default password.

Moral of the story:  Change Your Password!

Want to check out the site to see if your cameras are on there?  Go to:  http://www.insecam.org/

 

Call

1-204-800-3166

For Cyber-Assistance!