target_front_entrance

In mid-December Target disclosed that hackers broke into the company’s computer system and stole several millions of its members’ personal information.  A month later and Target has just tripled the number of people that might be affected by the security breach.

It’s Okay to Shop, But Be Wary of Who You Give Your Information to

According to Target’s latest revision, the recent security breach might affect one out of every five Americans—that is, roughly 70 to 110 million are susceptible to identity theft.  The data stolen from Target’s database range from email addresses to credit card numbers, so the magnitude to which one’s identity is compromised will vary.

Given that the recent Target debacle gave hackers just bits and pieces of information on people’s financial data, the ensuing aftershock should not be as bad as some might predict.  Target, to its own credit, has been proactive about mitigating the damages that its customers have or will experience because of the security breach.  The company, and affiliating banking institutions, has reached out to members by issuing them new account numbers and credit cards.

Finders Keeper, Losers Weepers

Security experts, however, predict that the fraudulent activities that coincide with such a huge security breach will be an everlasting one if consumers don’t take matters into their own hands.  Information such as emails and phone numbers can, if left in the hands of experienced cyber criminals, be used as tools to indirectly steal more personal information.  When all the pieces of a person’s identity is pieced together, thieves can easily access their target’s banking accounts and make off with the loot with just a click of a mouse.

Hackers Grab 40 Million Accounts From Target Stores

So what can you, as a consumer—especially if shop at Target, do to protect yourself if your personal information linked to a company like Target?  First, check your banking statements for any unusual activities, and if something out of the ordinary occurs report it immediately to your financial institution.  Next, Target members with a credit/debit card on record need to contact the company to make sure that the account number is completely erased from the database.  As an extra preventative measure, take yourself off Target’s database completely—that is, make sure Target does not have your email, phone number, home address, etc.

There’s not much you can do once your personal data has been stolen from you, but what you can do is try to plug in the holes while you still can.  Security analysts and firms that monitor the World Wide Web for activities regarding the intrusion and manipulation of peoples’ personal data saw a huge spike in black market activities since the breach occurred.  Since most average consumers have no means of tracking down cyber criminals or stop their malicious activities, it’s up to the local authorities and banking institutions to stop them from draining out a bank account.

Bullseye!

Target is working closely with private and government security/forensic experts to close up some of the holes, but only time will tell if people can once again trust the Target brand.  One could say that it was a bad omen for Target to choose a bullseye for its logo as that image has mutated into a double edged sword.  On one end, the retailer flourished as consumers flocked to the red buildings to make purchases, and at the same time gave away their personal information.  On the other end, the bullseye also became an attractive target for hackers and cyber criminals, evident by the recent security breach.

For more details about security issues that can affect you or your business, contact your office IT support.

Update:

Target is offering customers affected by the breach 1 year of free credit monitoring.  Sign up here.

Read More


A Common Netgear Wireless Router. Model DG834G.

A Common Netgear Wireless Router. Model DG834G.

A number of Linksys and Netgear DSL modems have been found to be exploitable via a simple hole in the components’ firmware.

How Was This Discovered?

Eloi Vanderbeken recently took up the task of reverse engineering his Linksys WAG200G wireless DSL gateway’s firmware.  At first he did it just for kicks, but during the process he found out even brand name tech components are just as vulnerable to hackers as off-brand products.  Vanderbeken found out during his self-imposed hack-a-thon that his WAG200G DSL gateway was accessible to hackers via an undocumented port.

After Vanderbeken toyed around with the Linksys firmware, he was able to come up with a simple interface that allowed him to send various commands to the gateway without administration authentication.  At first, Vanderbeken found that he couldn’t do much with the interface besides resetting the gateway to its factory settings.  However, as he delved deeper into it, he found that he could inject some home-brewed command lines into the interface.  These simple code injections allowed him to gain control of certain administrative properties using a wireless connection, and to reset the gateway’s web password.

How To Check if Your Are Affected

People interested in the hack and are tech savvy enough can check out Vanderbeken’s published work on Github.  Would-be hackers can do a few things with the script.  Firstly, Vanderbeken only hacked his router because he wanted access to his router’s web console without having to input the admin password—which he forgot.  So if you are the proud owner of these selective devices, you can be assured that they’re hack-able to both you and others with malicious intents.  Chances are most people will rather reset their gateways the easy way by pressing the little red reset button on the back of their device using a pen tip.  People looking for an adventure into the world of coding, however, might actually test out the scripts to see if their highly secured network is bulletproof or not.

Eloi Vanderbeken's bruteforce code to test the vulerability.

Eloi Vanderbeken’s bruteforce code to test the vulerability.

Another thing to note is that the backdoor vulnerability in these LinkSys and Netgear components are only assessable locally.  Meaning, a hacker would have to be in range of your Wi-Fi network for them to compromise your network and personal data.

What Should I Do If I Am Affected?

Quite frankly speaking, unless your neighbor or a passerby knows exactly the type of router you’re currently using, they won’t bother to attempt to hack your network.  The easiest solution, if you happen to own one of these vulnerable devices, is to name your wireless network something other than the router’s brand and model.

Often times, the routers come shipped with preconfigured settings which use the brand or model as the default wireless network name.  If that is the case, simply log into your router, and change the network’s name.  Next, you may also want to upgrade the product’s firmware, but keep in mind that different manufacturers have different firmware upgrade requirements.  Check your product manuals or website before attempting to upgrade firmware, because one wrong move can render your router unusable.

If you need further help, contact your office IT support.

Read More


OnsitePCSolution_Office_365_Vulnerability

Noam Liran, the chief software architect at Adallom, recently detected a flaw in Microsoft Office 365 which can easily expose account credentials through Word Documents that are hosted on a webserver which is currently invisible to existing anti-virus software.

What Specifically Is The Problem?

When a user downloads a document from a SharePoint server, the user is required to log in their account first – after which the server verifies the login credentials and then issues an authentication token. Liran discovered that he can use his own server to copy the responses which are sent from the sharepoint.com domain server.  At that point he can generate and fake the token. An attacker doing this can inject his code to connect to an untrusted web server to capture the user’s private Office 365 authentication token.  This allows the attacked to go to the user’s organization’s SharePoint site to access anything they want without the user knowing. According to Liran this is a perfect cyber crime in which the organization does not know they have been hit.

Microsoft has been working on this vulnerability, but at the time of this writing the backdoor still existed.

How would this work in the real world?:

  • The user will get an e-mail asking them to review a document or visit a webpage. This document could be coupons, someone’s CV or contract.
  • The user will click on the link and be redirected to Sharepoint which will ask to open the document in Word. If the user accepts, Word will request the document from the malicious webpage.
  • The malicious webpage in turn will ask Word for an Office 365 token. The malicious webpage gives Word a legitimate looking document in return. The attacker will then have the Office 365 token and access to the organization’s data.

OnsitePCSolution_Word_Document

This is a serious potential threat to organizations and companies that use Office 365. Important company data can be stolen without anyone knowing. The attacker could also monitor the data which could be confidential. The attacker also has access to delete the data.

What Can I Do To Protect My Business?

Until Microsoft comes up with a solid solution to this vulnerability, users should not open any unknown or suspicious looking emails.  They should also confirm from known senders to verify the authenticity of the email.  It is also important to absolutely avoid clicking on any unknown URLs and links or open attached documents in a file.

For further assistance, let your office IT support know about this vulnerability and stay ahead of a corporate data breach.

 

 

Read More


OnsitePCSolution_MSE_Protecting_Computer

In our previous article on Microsoft ending support and updates for Windows XP, we described what made Windows XP so commonly used and the dangers of continuing to run it after April of 2014.  Microsoft has put another nail in the coffin for users who want to continue running Windows XP: no more virus definition updates for Microsoft Security Essentials on Windows XP after April 2014.

This will be quite a problem as Microsoft Security Essentials (download here) is the most commonly used free anti-virus and anti-malware on Windows computers.

In this article from ZDNet, a Microsoft spokesperson states:

“Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014…”

Windows8or7b

The message further pushes users to upgrade to more modern Windows operating systems such as Windows 7 (which we recommend) and Windows 8.  If you want to risk running Windows XP after the April 2014 end of life date, you can use free anti-virus solutions such as AVG or Avira.  As long as you are running regular backups or Windows XP isn’t running on a business computer, then the risk is minimized.

If you are not sure if you are running Windows XP or whether you need to upgrade, contact your office or home IT support.

Read More


OnsitePCSolution_Main_Image_v1

 

Your website is crucial in helping the rest of the world to find your service or to learn more about you.  As more websites are built on WordPress allowing you to easily manage your site pages, blog and online stores, it has become a target of criminals.  In this article we will cover why it’s important to avoid free premium WordPress themes.

I have a website, what’s the problem?

If you have recently (in the last several years) had your website updated or created, there is a good chance  your main website or a sub section such as the blog is running WordPress.  The best way to check if WordPress is being used is to ask the person that designed your website.

 

Onsite_PC_Solution_wordpress-logo

 

A theme is then used to change the layout, colors, fonts and general look and behavior of your site.  Themes can either be free, or premium where you pay for more features, updates and typically support.  Since premium themes cost money, some people decide to do a quick Google search to find the premium theme for free.

Premium themes that are quickly available over Google can contain malicious code that will infect your website, and as a result anyone that visits your website.

What happens if my site is infected with malicious code?

Once your site has been infected, the malicious party can then run programs and code on your website.  This not only puts your website at risk but also puts your website visitors at risk.  Your website can also be flagged for malware by Google.

Snippet_of_malicious_code

A snippet of malicious code as described by Sam Parkinson in his blog post on the details of pirating premium WordPress themes

How can I keep myself safe?

The next time you talk to your website designer, ask them these questions:

1. Is my website running WordPress?

2. Is the theme of my website free or premium?

3. If it is premium,  where was it downloaded from and paid for?

If the site runs WordPress and a premium theme, make sure it was paid for and downloaded from the theme designer’s official webpage, or from the official WordPress premium theme site.

Also, as mentioned in this article, ask your website designer to disable dangerous functions that are not being used on your site as explained here.

We always recommend giving your office or home IT support all of the details so they can keep track of and inventory potential risks to your business as well.

Read More